In the past six months alone, three of our clients have experienced an online theft caused by virtually identical circumstances. Each theft exceeded $100,000 and the circumstances in each were almost the same.
The theft is deceptively simple.
In each case, the firm’s controller received what looked like an entirely legitimate email from a trusted email address, directing the controller to email their bank to wire transfer funds to the client’s customer or vendor – except to transfer the funds to a new and/or changed account number, or a different routing number.
Trusting the email as legitimate, the controllers dutifully followed the instructions, emailed their bank to wire the funds to the ‘new’ account number, where the money immediately disappeared.
In two of these cases, NY based insureds received emails from their agents in China to wire the funds to mills in China using a new account number. In the third case, the false email instructions came directly from the President of the company to the controller to wire the funds to a supplier’s account in Canada.
The emails appeared normal in every way, except for the ‘new’ account number, so the controllers unsuspectingly followed the instructions and directed their banks to wire the funds to the thieves’ accounts. Somehow the thieves had hijacked a correct email address that the clients trusted and used that email to affect the theft.
The banks denied liability as they simply followed the instructions of the client.
Insurance coverage available for this crime is murky at best. In each case the insureds had purchased computer fraud and wire funds transfer coverage. Most of these coverage forms have similar wording that says the theft must have been initiated by fraudulent use of the insured’s computer to commit the crime. Since the insureds own computers were allegedly not used to commit the crime (the thieves did not directly cause the computer to send the wire instructions), the insurers involved did not willingly accept the losses as covered. In addition they cite the ‘voluntary parting of property’ exclusion (we are arguing and challenging these denials).
We understand this type of theft is now rampant, and the majority of them arise from China, Hong Kong, and Taiwan. But we had one originate from within the United States and this type of theft will surely spread globally.
We urge you to review your procedures for accepting wire instructions from anyone. Put in place a failsafe system that requires verification by phone or other method to be certain that the instructions are legitimate. And talk to your Sobel Account Representative about computer fraud and wire transfer coverage.
If you have any questions or comments, please let us know.