Social engineering creates $1.8 Million dispute

Dentons Canada LLP is locked in a $1.7 Millon dispute with its insurer after staff at the firm’s Vancouver office fell victim to an alleged social engineering attack.

Here is an extract from the article with a link to the full article below: “According to Ontario Superior Court Justice Carole Brown’s recent decision in Dentons Canada LLP v. Trisura Guarantee Insurance Company, an associate at the firm was duped into transferring $2.5 million intended to clear the mortgage on a client’s property into a fraudster’s Hong Kong bank account as part of an alleged “social engineering” fraud.

Transfer of funds not fraudulent

Although the law firm managed to recover around $800,000, it made a claim for its net loss under a computer fraud rider to its policy with Trisura. But the insurer refused to pay out, claiming that the incident was not covered because the transfer of funds itself was not fraudulent.

In addition, the insurer noted that Dentons had turned down the opportunity to add a social engineering fraud rider offered by Trisura, and claimed other exclusions in the policy applied.

That prompted the law firm to apply for a declaration that the insurer is in breach of its policy and has a duty to pay up. Brown’s decision came when Trisura moved to convert the application to an action, and Dentons responded by narrowing its application to call for an advisory opinion on the interpretation of the computer fraud rider. Her Dec. 11 ruling went in favour of Trisura.

Fraudsters getting more and more creative

“Determining the advisory question, at this juncture is not, in all circumstances, an expeditious or efficient use of judicial time and resources,” the judge wrote, noting that an action would deliver a full factual matrix, allowing the court to make a more comprehensive determination of the issues.

Nina Bombier, a partner at Lenczner Slaght Royce Smith Griffin LLP who acted for Dentons, says the court missed an opportunity to flesh out Canada’s extremely limited caselaw on coverage in the context of these types of fraud.

“In our view, it would have been more efficient to get an initial interpretation of the computer fraud rider, because if it isn’t broad enough to cover what happened here, then everything else ends,” she says. “There is a bit of caselaw around this issue in the U.S. which cuts both ways, so it would have been helpful to get some law here. It’s an important issue, because with cyber security issues, the fraudsters are getting more and more creative all the time.”

In the 2017 Alberta case of The Brick Warehouse L.P. v. Chubb Insurance Company of Canada, the retailer was denied coverage under its crime policy after falling for a similar scam, but Bombier insists the breadth of the language in Dentons’ policy means her clients should be covered.

Cyber Safety Net is a KnowBe4 partner. Reposted with permission from https://blog.knowbe4.com/firm-in-1.7-million-dispute-with-insurer-because-of-social-engineering-fraud. Cyber Safety Net – keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.