Social Engineering Fraud

Social Engineering Fraud: A Dangerous
and Emerging Crime Exposure
January 2015 • Lockton Companies
LISA MCALEENAN, CPCU
Senior Vice President
Financial Services
314.812.3246
[email protected]

NOËL OLEKSA, AIC, JD
Claims Consultant
314.812.3186
[email protected]

What is Social Engineering Fraud?

While Social Engineering Fraud (SEF) is not an intuitive term, the risk it describes is easy to understand. SEF occurs when employees or business partners, acting in good faith, comply with instructions received by email to make a payment. The instructions, however, come from a third-party fraudster mimicking legitimate correspondence, and the deception can be very difficult to identify.

SEF is rapidly emerging as an expensive concern for numerous Lockton clients, with losses being incurred at an alarming rate. Accordingly, SEF is also emerging as a hot topic for the insurance market, with multiple new endorsements entering the market and many insurers denying coverage for these claims.
What Happens When an SEF Claim is Filed?
SEF claims typically are reported under Crime or Fidelity Bond coverage for the loss of money sent to a fraudulent third party. However, these claims are often denied, leaving the client without any practical recourse for recovery. Common insuring agreements under which an SEF claim would be reported include:
• Computer Fraud: the Company shall pay the parent organization for direct loss of money… sustained by an insured resulting from computer fraud committed by a third party.
  - Computer Fraud is defined as the unlawful taking of money resulting from a computer violation.
  - Computer Violation is defined as an unauthorized entry into or deletion of data from a computer system committed by a third party.

• Funds Transfer Fraud: the Company shall pay the parent organization for direct loss of money sustained by an insured resulting from funds transfer fraud committed by a third party.
  - Funds Transfer Fraud is defined as fraudulent written, electronic, telegraphic, cable, teletype, or telephone instructions, other than forgery, purportedly issued by an organization and issued to a financial institution, directing such institution to transfer, pay, or deliver money from any account maintained by such organization at such institution, without such organization’s knowledge or consent.
Examples of SEF Claims

• An email purporting to be from the company COO asks an employee what information the employee will need from the COO in order to make a wire transfer to a vendor. The employee responds that he will need the routing number and the bank account number. The “COO,” who, unbeknownst to the employee, is actually a third party, provides the requested information. The employee, acting in good faith in the belief that he is assisting his COO, sends the wire transfer.

• A client doing business overseas has a main vendor partner in China to whom the client routinely remits payments for goods via wire transfer. The client receives notification from the vendor that the vendor has changed banks, together with updated remittance instructions. The client forwards the notification to the internal accounts payable team, who implement the updated instructions. After several payments have been sent to the new account, which was created by a fraudulent third party and not the vendor, the vendor partner informs the client that it has not yet received payment and seeks reimbursement for the goods sent. The vendor’s email system had been hacked by a fraudulent third party.
Under these Insuring Agreements, carriers deny coverage for the first claim example for several reasons:

1. The carrier argues that the Computer Fraud Insuring Agreement is not triggered, because the fraudulent payment instructions came into the company via email, and email by its nature is an authorized entry into the computer system.

2. The carrier reasons that the direct cause of loss is not the email, which was allowed to enter the computer system, but rather the insured sending the money in the belief that the instructions were legitimate.

3. The carrier argues that the Funds Transfer Fraud Insuring Agreement is not triggered, because the funds were transferred with the organization’s knowledge or consent: the organization did have knowledge, albeit based on a mistaken belief, and the insuring agreement requires that the money be transferred without the organization’s knowledge or consent.
The wording of Computer Fraud or Funds Transfer Fraud Insuring
Agreements can vary from carrier to carrier. The wording we have
provided is typical, but not exclusively used. Nevertheless, carriers are
often responding with denials, based either on a factual element of the loss
deviating from the Insuring Agreement or due to the applicability of an
exclusion in the policy.
• Voluntary Parting Exclusion: the so-called Voluntary Parting Exclusion is one key exclusion that carriers may cite in declining coverage. A typical wording for the Voluntary Parting Exclusion is as follows: no coverage for loss arising out of anyone acting on the Insured’s express or implied authority being induced by any dishonest act to voluntarily part with title to or possession of any property.
To determine whether a loss may be covered, the policy, including the
insuring agreements, definitions and exclusions, must be read very carefully
in light of the specific facts of the loss for which recovery is being sought.
As SEF losses are being presented at a rapidly increasing rate, carriers are
starting to introduce endorsements to allow for certainty on the part of the
insureds and to provide a cap on the risk for insurers.
New Endorsements
Available in the Market
In light of the need to clarify and
define coverage for SEF, three
key carriers have recently offered
coverage endorsements for SEF
scenarios. We suspect other carriers
will have similar offerings very
soon.
1. Carrier 1 is now offering SEF coverage under a Payment Instruction Fraud endorsement, through which it extends either a $250,000 sublimit or a $1,000,000 sublimit with a 50% coinsurance provision.

2. Carrier 2 is offering SEF coverage under a Social Engineering Fraud endorsement, which would allow an insured to obtain up to a $250,000 sublimit.

3. Carrier 3 is offering a new insuring agreement titled Deception Fraud, which may be added by endorsement upon policy renewal. This endorsement will offer a $15,000 limit with a $5,000 deductible. Future optional higher limits are being considered.

Multiple other carriers have refused to declare their position on covering SEF losses, and clients must continue to submit losses on a case-by-case basis to seek coverage and obtain the carrier’s coverage position. The lack of certainty is a source of frustration. Lockton Companies stands ready to discuss coverage options and to advocate for coverage.

Recommendations

We recommend that our clients develop and enforce policies and procedures within their organizations to help employees recognize potentially fraudulent instructions. For specific guidance, carriers have begun distributing bulletins to insureds describing proactive measures that may be taken to avoid or mitigate loss from SEF. An example of such guidance follows.

• Educate your employees. Advise all employees never to send products or money to a new address or bank account without first verifying, via a telephone call to a previously established contact at the original source, that the request is legitimate.

• Establish procedures requiring two or more employees to sign off on any change to delivery or wire instructions.

• Document all such confirmations in writing, including the date and the contact information of the employee at the original source.

• Hold regular conversations with your vendors regarding any security issues with information technology systems, including email.
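The verification and sign-off controls recommended above can be expressed as a review rule that accounts payable applies before any change to remittance instructions takes effect. The following Python is an added example written for this page; it is not Lockton’s procedure or any carrier’s bulletin, and the vendor record, the fraudulent change notice, the phone numbers, the dates and the approver names are all constructed. It checks the two points a fraudster relies on being skipped: that the confirming call went to the number already on file (never to a number supplied in the request itself) and that two distinct employees signed off, and it produces the written confirmation record the guidance asks for.

```python
"""Dual control and out-of-band verification for vendor payment-instruction changes.

Example code added to illustrate the recommendations above. All records
below (vendor, request, callbacks, approvers) are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class VendorOnFile:
    """Contact details captured when the vendor relationship was first established."""
    name: str
    verified_phone: str      # number recorded at onboarding, never taken from a later email
    account_number: str      # account currently used for remittances


@dataclass(frozen=True)
class ChangeRequest:
    """Emailed instruction to remit to a new account, exactly as received."""
    vendor: str
    new_account_number: str
    callback_phone_in_email: Optional[str]   # a fraudster typically supplies their own number here


@dataclass(frozen=True)
class Callback:
    """Record of the telephone confirmation made by accounts payable."""
    number_dialed: str
    contact_name: str
    confirmed: bool
    on: date


@dataclass
class Decision:
    approved: bool
    reasons: list = field(default_factory=list)
    confirmation_record: Optional[str] = None


def review_change(req: ChangeRequest, on_file: VendorOnFile,
                  callback: Optional[Callback], approvers: list) -> Decision:
    """Apply the two controls; return an approval with a written record, or the reasons for rejection."""
    reasons = []
    # Control 1: a callback must exist, must have gone to the number already on file
    # (not to any number contained in the request), and the contact must have confirmed.
    if callback is None:
        reasons.append("no telephone verification performed")
    else:
        if callback.number_dialed != on_file.verified_phone:
            reasons.append("callback made to a number not previously on file")
        if not callback.confirmed:
            reasons.append("contact did not confirm the change")
    # Control 2: two or more distinct employees must sign off.
    distinct = set(approvers)
    if len(distinct) < 2:
        reasons.append("fewer than two distinct approvers")
    if reasons:
        return Decision(False, reasons)
    # Control 3: document the confirmation (date, contact, number dialed, approvers).
    record = (f"{callback.on.isoformat()}: {req.vendor} remittance account changed to "
              f"...{req.new_account_number[-4:]}; confirmed by {callback.contact_name} "
              f"at {callback.number_dialed}; approved by {', '.join(sorted(distinct))}")
    return Decision(True, [], record)


# Constructed sample data: the vendor record on file and a change notice that
# arrives by email with a "call me at" number the sender controls.
ACME = VendorOnFile("Acme Components", "+86-21-5555-0100", "1234567890")
NOTICE = ChangeRequest("Acme Components", "9988776655", "+86-21-5555-0199")
WHEN = date(2015, 1, 12)


def fraud_path() -> Decision:
    """AP calls the number in the email (the sender answers and 'confirms'); one clerk approves."""
    cb = Callback(NOTICE.callback_phone_in_email, "Mr. Li", True, WHEN)
    return review_change(NOTICE, ACME, cb, ["ap_clerk"])


def caught_path() -> Decision:
    """AP calls the number on file; the real vendor says it never changed banks."""
    cb = Callback(ACME.verified_phone, "Ms. Chen", False, WHEN)
    return review_change(NOTICE, ACME, cb, ["ap_clerk", "ap_manager"])


def legit_path() -> Decision:
    """AP calls the number on file; the real vendor confirms; two distinct employees approve."""
    cb = Callback(ACME.verified_phone, "Ms. Chen", True, WHEN)
    return review_change(NOTICE, ACME, cb, ["ap_clerk", "ap_manager"])


if __name__ == "__main__":
    for d in (fraud_path(), caught_path(), legit_path()):
        print("APPROVED" if d.approved else "REJECTED", d.reasons or d.confirmation_record)
```

The point of the `number_dialed != verified_phone` check is that the second claim example above fails precisely because the callback number, like the new account number, can be supplied by whoever controls the compromised mailbox; the only trustworthy number is the one captured before the request arrived.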
Conclusion
It is the position of Lockton Companies that the insurance
market should make available coverage options for SEF losses,
and we will continue to monitor the development of coverage
endorsements being offered in order to assess the best options
based on our clients’ unique needs and exposures. However, to
date, we are seeing limited insurance protection available for this
exposure.
© 2015 Lockton, Inc. All rights reserved.