The court found there was no coverage for the property management company after a fraudster sent a false email with wiring instructions, causing a loss of $200,000. Ernst & Haas Mgmt. Co. v. Hiscox, Inc., 2020 U.S. Dist. LEXIS 218379 (C.D. Calif. Nov. 5, 2020).
Ernst & Haas (E&H) employee Krystale Allen, an accounts payable clerk, received an email from someone she thought was David Haas, a managing broker at E&H. However, the email was from an unknown person posing as Haas. The email attached an invoice for $50,000 to be sent to Zang Investments, LLC, which Allen processed and paid by wire transfer. Later, a second email from the imposter attached an invoice for $150,000 to be sent to Zang by wire transfer. Again, Allen facilitated the wire transfer. A third request from the imposter requested payment of $470,000 to be sent to Zang. Allen forwarded the third email to Haas to confirm its authenticity and discovered that Haas had not sent the email or the two prior payment requests.
E&H submitted a claim for $200,000 to Hiscox. The claim was denied and E&H filed suit. Hiscox moved to dismiss.
The policy covered computer fraud which required losses to result directly from the use of a computer to fraudulently cause the wire transfers. Here, E&H authorised its bank to initiate the wire transfers from its account, albeit through an unwitting employee. E&H did not allege that Allen was an unauthorised user or hacker, or that the imposter somehow subverted E&H's computer system in the transfer of funds to Zang. Therefore, the imposter's conduct did not constitute computer fraud under the policy because the wire transfers were authorised and the imposter's fraudulent emails did not directly cause the transfer of any funds.
The policy also covered losses resulting from a fraudulent instruction, defined as a "written instruction initially received by You which purports to have been transmitted by an Employee but which was in fact fraudulently transmitted by someone else without Your or the Employee's knowledge or consent." The emails from the imposter did indeed qualify as "fraudulent instructions." However, the provision only covered losses "resulting directly" from a fraudulent instruction "directing a financial institution" to transfer funds from an E&H account. Here, the imposter's emails did not direct a financial institution to transfer any funds. Rather E&H alleged that the imposter directed an E&H employee to process invoice payments by wire transfer. Therefore, E&H's losses did not "result directly" from the imposter's "fraudulent instructions" because the communications did not direct E&H's bank to transfer the $200,000 E&H seeks to recover
Therefore, Hiscox's motion for summary judgment was granted.
