How to combat the alarming trend of social engineering fraud

Your CFO gets an email from one of your international vendors. It says, “We’ve made a few changes and we’re switching banks. Here is our new SWIFT (international routing) code and account number. Please remit all future payments here.”
The email is from somebody the CFO recognizes with the right logo and email signature. He or she forwards the message to whoever will make the necessary changes to your online system, and the next time you need to make a payment to that vendor, your company uses the new information.
About a month later, your CFO gets an email from the company, asking why you haven’t paid them. He or she sends the record. Your international vendor says, “That’s not my account number.”
So, if the money is gone, you’ll want to make a claim on your crime policy. In nearly every case, however, your policy will exclude the claim because it was voluntary parting.
Smart Business spoke with Richard B. Hite, CEO of SeibertKeck Insurance Agency, about a new kind of crime endorsement that can provide coverage for social engineering fraud that is hitting an increasing number of companies.
What is social engineering fraud?
Social engineering fraud is deceptively gaining the confidence of an employee to induce him or her to part with money or securities. The fraudulent party might pose as a trusted vendor, client or employee through the act of phishing — sending emails from what appears to be a reputable source.
Why doesn’t a standard crime policy cover voluntary parting?
There is a voluntary parting exclusion in nearly every crime and/or property policy. Voluntary parting is when you willing give your property and/or assets away. Even if you were tricked into doing so, by voluntarily giving this away, an insurance company typically won’t cover your claim. For example, the carrier will say that you should have investigated and confirmed before changing that billing information.
Most businesses have some kind of crime insurance. They may not have enough or the right type, but they have a crime policy. It’s only when they go to actually use it that they find out how little it actually covers because it wasn’t written correctly.
Again, even if you buy standard computer fraud coverage on your crime policy, which is becoming more widespread, it won’t cover an instance that involves voluntary parting through social engineering fraud.
Who is being affected by this kind of fraud?
Social engineering fraud is an alarming trend; at our office, two claims have been filed in the past 60 days.
Even if your company conducts vendor background screenings, employs fraud detection systems, segregates financial duties and educates employees on how to detect fraud, it still may fall victim.
Smaller companies may lack proper financial or wire transfer controls, while large companies don’t always keep as close an eye on every single financial transaction.
For instance, your company’s accounts payable manager receives an email from a familiar overseas supplier. Your manager tries unsuccessfully to reach the bank, and the supplier’s emails asking you to pay the invoice become more urgent. Finally, in order to keep the supplier happy, the manager wires the money. Then, the next day, the real supplier calls in a panic and says it has been hacked.
How are insurance companies responding?
Carriers are starting to offer businesses the ability to buy an endorsement that fully carves back the voluntary parting exclusion for social engineering fraud. This is in response to the increasing number of claims being uncovered through a traditional crime policy.
With a full carve back, there is still a standard of proof but it allows your coverage to trigger in the event that you or your employees are duped or defrauded.
Some policies may include language that could stretch to cover this same type of claim, but voluntary parting will still be a burden to the insured.

This fraud is a trend that is only going to escalate in the business world, so ask your broker today about better protecting your company from social engineering fraud.

Insights Business Insurance is brought to you by SeibertKeck