December 21, 2017 Practice Points

Insurance Claims for Business Email Compromise Losses: Best Practices

Policyholders should remember that there currently are decisions favoring policyholders on this type of coverage, and should consider responding to denials or limitations on coverage accordingly

by Scott Godes

While data breaches and ransomware attacks have continued to be splashed across the news, a quieter, but just as dangerous, form of cyberattack has been business email compromises and social engineering fraud. These cyberattacks can take many forms, all of which ultimately result in money being wired to fraudsters.

In some instances, the fraudster poses as an employee, sending an email that looks like it came from the employee’s account, and duping someone else at the company into wiring money to the fraudster. A variation of that is a fraudster posing as a vendor of the policyholder, telling the policyholder that the vendor has changed bank accounts for payment of invoices, resulting in the policyholder making payment to a fraudster’s account and the actual vendor going unpaid. The latest variation of this type of attack involves hackers who actually gain access to the policyholder’s email accounts, sending emails directly from the policyholder’s account, and directing wires and other payments to be made to fraudsters.

Premium Content For:
  • Litigation Section
Join - Now