Fraudulent Instruction Loss Caused by Social Engineering Scheme Does Not Trigger Computer Fraud Coverage Under Commercial Crime Policy

August 9, 2017

A Michigan federal district court has held that a fraudulent instruction loss caused by a social engineering scheme did not constitute a “direct loss” that was “directly caused by computer fraud” and therefore did not trigger computer fraud coverage under a commercial crime policy.  American Tooling Ctr., Inc. v. Travelers Cas. & Sur. Co. of Am., 2017 WL 3263356 (E.D. Mich. Aug. 1, 2017).

The insured, a manufacturer, sent an email to a vendor requesting copies of all outstanding invoices.  In response, the insured received an email purportedly from the vendor, but the email was actually from a fraudster.  The fraudster’s email included new banking instructions.  Without verifying the changed instructions, and after confirming that the work claimed on the invoices was due and owing, the insured initiated payments totaling $800,000.  It later learned of the fraud but was unable to recover the payments.  The insured sought coverage under the computer fraud coverage section of its commercial crime policy, but the insurer denied coverage.

In ensuing coverage litigation, the district court granted summary judgment in favor of the insurer.  The relevant insuring clause provided coverage for “direct loss . . . directly caused by Computer Fraud.”  “Computer Fraud” was in turn defined to include “[t]he use of any computer to fraudulently cause a transfer.”  In ruling for the insurer, the court determined that the intervening events between the insured’s receipt of the fraudulent emails and its authorized transfer of funds meant that it did not suffer a “direct” loss “directly caused” by the use of any computer.  The court also concluded that while fraudulent emails were used to impersonate a vendor and dupe the insured into transferring funds, those emails did not constitute the “use of any computer to fraudulently cause a transfer” because there was no infiltration or hacking of the insured’s computer, and because those emails did not directly cause the transfer of funds (which instead were transferred based on the insured’s authorized instructions).  For those reasons, the court ruled that there was no coverage for the loss, and it granted summary judgment in favor of the insurer.

Tags

Wiley Executive Summary

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek