(Article from Insurance Law Alert, February 2021)
For more information, please visit the Insurance Law Alert Resource Center.
An Arizona appellate court ruled that an email spoofing scheme constituted three separate occurrences under the policy’s Computer Fraud endorsement. AIMS Ins. Program Managers, Inc. v. National Fire Ins. Co. of Hartford, 2021 WL 408874 (Ariz. Ct. App. Feb. 4, 2021).
Criminals accessed an employee’s email account in order to fraudulently intercept payments from AIMS to one of its vendors. The criminals used counterfeit domain names similar to the vendor’s domain name and opened accounts at the vendor’s bank. Thereafter, the thieves intercepted emails between AIMS and its vendor and replaced them with fraudulent emails directing AIMS to wire payments to the thieves’ accounts. After the fraud was discovered, AIMS sought coverage under a business property policy. National paid $10,000—the policy limit for a single occurrence under a Computer Fraud endorsement but denied coverage under a Forgery and Alteration endorsement. In ensuing coverage litigation, an Arizona trial court granted National’s summary judgment motion.
The appellate court affirmed in part and reversed in part. The appellate court agreed with the trial court that the Forgery and Alteration endorsement did not cover the fraudulently induced wire transfers. The endorsement insured against loss resulting directly from forgery or alteration of “any check, draft, promissory note, bill of exchange, or similar written promise, order or direction to pay a sum certain money.” The court rejected AIMS’s contention that the invoices attached to the fraudulent emails were “similar . . . order[s] or direction[s] to pay a sum certain money,” explaining that the attached invoices were not “of the same nature” as checks, drafts, promissory notes or bills of exchange.
However, the court ruled that the fraud constituted three separate occurrences under the Computer Fraud provision. Although the policy did not define “occurrence,” the court held that each act of fraud—namely each counterfeit demand for payment—was a distinct “causative act.” The court explained:
Each email package represented a separate fraudulent payment demand, and each resulted in a separate wire transfer by AIMS, the victim of the fraud. In the language of the computer fraud endorsement, each of the three wire transfers “result[ed] directly from” a separate and distinct fraudulent payment demand by the thieves.
In so ruling, the court rejected National’s contention that there was just one occurrence because the loss was caused by a single continuing fraudulent scheme. The court distinguished cases in which “occurrence” was defined to include continuous conditions or where the policy included other verbiage indicating that multiple claims may be treated as a single occurrence.