We have all seen them. The Nigerian Prince who needs your help to get the $24 Million from his country and will share the bounty with you. You think, “who would fall for such a scheme?” However, someone must take the bait, or it would not keep showing up in your inbox.
A more sophisticated version of the same scam involves hacking of a business website, harvesting information, and sending an internal email with an invoice asking that an invoice be paid. If everything else looks to be correct, the invoice is paid. When the fraud is discovered, the question becomes whether your insurance policy will reimburse the loss.
A comprehensive general business liability (CGL) policy will normally provide coverage for theft from the business. That situation typically involves a thief who takes something from the business. It might be a break-in at a warehouse to remove hard goods or it might be some accounting chicanery to get money from a bank account. A CGL policy is normally going to provide for reimbursement in either of those situations.
The scam described above involves a theft of information – the identities, email addresses, and internal workings of the company. The loss of monies – by paying the fake invoice – does not involve a theft because it was a voluntary payment. It was not an unpermitted taking because the business made a voluntary payment to the thief. The typical business policy does not provide reimbursement for payments that were voluntarily made. The policy may even exclude coverage for voluntary payments made by the business.
Insurers do sell special riders or endorsements to provide coverage in the situation where the business unknowingly makes voluntary payments as described above. You should check your policy or contact your insurance agent to determine whether or not you are covered.
On a side note – check with your IT provider to make sure you do everything you can to avoid having your website hacked and have regular reviews done to determine whether your site has been attacked.