Crime Policy Covers Wire Transfer Initiated by Spoofing
In a case that strikes fear in every business that handles wire transfers, employees were “spoofed” by fraudulent emails into wiring $5 million to an account they were led to believe was for an acquisition. The company had a crime insurance policy with a computer fraud provision and a $5 million limit for forgery, funds transfer fraud and computer fraud. The policy defined computer fraud as “the unlawful taking or fraudulently induced transfer of money, securities or property resulting from a computer violation.” The carrier denied the claim on the grounds that the email scheme did not amount to entry of data into or a change to the elements of the company computers; rather the policy applies solely to hacking-type intrusions. The insurer also argued the provision was not triggered because the spoof was not the direct cause of the loss since the company’s own employees made the transfer. The Second Circuit upheld the ruling that a commercial crime insurance policy covers wire transfer losses resulting from a spoofing attack.