With the new “normal” we are living in due to COVID-19, we are all working more from home relying more heavily on email to communicate to our employees and customers. Because of this, we are seeing an increase in the use of electronic communication to attempt to fraud our clients. In an effort to continue to sell products or services and keep revenue flowing, a business might be more willing to accept orders via email and extend credit or ship products to new clients or hackers posing as current clients.
Fraudulent Email Order
The ABC Co. processed two orders via email correspondence from an employee of Sample, Inc. ABC Co. had processed orders in the past for Sample, Inc. primarily through in-person ordering and on-site payment. The email correspondence was from a different contact located at a different location of Sample, Inc. Since Sample, Inc. was a regular customer the orders were processed even though they were from a new contact named Mr. Smith.
Two separate orders for widgets were fulfilled and shipped. After payment wasn’t received ABC Co. contacted Sample, Inc. via phone where they confirmed those orders were not placed by them nor did they have an employee named Mr. Smith. The email orders were fraudulent.
Is this type of situation covered by insurance?
Unfortunately, crime policies do not cover this type of scenario. Crime policies usually cover Employee Dishonesty, but this example did not have employee dishonesty. A Crime policy might also include Computer Fraud, which is the use of any computer to fraudulently cause a transfer of Money, Securities or Other Property from inside a Premises or Financial Institution to an anonymous entity, rather than the intended one, but coverage doesn’t apply to Business Risk like this claim highlights. In this case the first contact was made by email, but several other contacts after the first emails were made by phone as ABC Co. tried to determine if this was actually coming from their previous known client.
Cyber policies sometime will have Computer Fraud and Funds Transfer Fraud sublimits available for purchase. These coverages with be part of a Cyber Crime section of the policy, but have the same or similar verbiage as the Crime Policy. No help again for Business Risk like our example.
Social Engineering Fraud
Social Engineering Fraud coverage is limited to a direct loss from having transferred, paid or delivered, Money or Securities directly caused by a social engineering fraud, as that term is defined under the Policy. Social Engineering means the intentional misleading of an Employee by a person purporting to be an Authorized Person (President, VP, CFO, HR Director), an Employee, Vendor or Client through the use of Communication. It does not cover Other Property. Other Property in the policy refers to tangible property, other than Money and Securities that has intrinsic value. Intrinsic value refers to the real or actual value of a security, stock, or company. In the example, a physical item was transferred not money.
As we review the possible coverages that could provide protection for this scenario we find that this risk is most likely considered a Business Risk. A Business Risk is a risk of loss closely tied to the way of doing business and it is typically not the subject of insurance coverage. These types of risk are usually built into the cost of doing business and a level of protection is created through loss control policy or procedures.
It is a risk of how much does one trust a new customer or electronic order? Know your client, require up-front payment for the first few transactions, extend credit, or allow payment via credit card prior to shipping or transfer of your goods. If a regular client emails you an order for unusual products or larger unit counts than normal, call or email your client using your contact list instead of just replying or calling the number on that fraudulent email. Don’t be in such a hurry to fulfill a sale because you are desperately wanting some revenue during this crazy time.
We’re Here for You
We’re here for you to discuss your specific coverages and questions as we navigate and adjust to the COVID-19 pandemic.