Are your clients covered for social engineering fraud?
Brokers should not assume that a client who has bought a cyber or crime policy is covered for the risk of innocent employees who are duped into making fraudulent money transfers.
In August 2010, two Brick employees were contacted by people claiming to be from a supplier, Toshiba. One Brick employee indicated that Toshiba was changing its bank account to the Royal Bank of Canada. The bank account did not actually belong to Toshiba, but rather a victim of fraud, who was duped into transferring money to someone else.
The Brick changed Toshiba’s banking information. As a result, more than $300,000 was paid into the RBC account before The Brick discovered the fraud and reported it to policy. The Brick was able to recover about $114,000 and filed a claim of about $224,000 with Chubb.
Chubb denied coverage for the claim. In the policy Chubb wrote for The Brick, Chubb defined funds transfer fraud as “the fraudulent written, electronic, telegraphic, cable, teletype or telephone instructions issued to a financial institution directing such institution to transfer, pay or deliver money or securities from any account maintained by an insured at such institution without an insured’s knowledge or consent.”
Anne Juntunen, an associate with Lerners LLP, which represented Chubb, said the insurer’s wording for the crime policy written for The Brick is “fairly close to the standard wording” in commercial crime policies.