Trisura Guarantee Insurance is on the receiving end of a lawsuit, with the plaintiff – a global law firm – claiming that the insurer owes it US$1.7 million.
According to the recent decision of an Ontario Superior Court judge, an associate of Dentons Canada LLP was tricked into transferring $2.5 million into a fraudulent bank account in Hong Kong, instead of using the cash to clear the mortgage on a client’s property, as part of an alleged “social engineering” fraud.
While the law firm managed to recoup about US$800,000, it was unable to claim for its net loss under a computer fraud rider with Trisura. The insurer refused to cover the loss, claiming that the incident was not covered since the act of transferring the funds itself was not fraudulent.
Trisura also stated that Dentons had turned down a social engineering fraud rider it had offered the law firm, and that other exclusions in its policy applied.
The insurer’s refusal to pay for the loss pushed Dentons to apply for a declaration that Trisura had breached its policy. In response, Trisura moved to convert the application to an action. Dentons countered by narrowing its application to call for an advisory opinion on the interpretation of the computer fraud rider.
Ontario Superior Court Justice Carole Brown on December 11 ruled in favour of Trisura.
“Determining the advisory question, at this juncture is not, in all circumstances, an expeditious or efficient use of judicial time and resources,” the judge wrote in her ruling, explaining that an action would deliver a full factual matrix, and thus allow the court to make a more informed decision.
Brown’s decision outlined that, on the day of the transfer, emails allegedly from the mortgage holder client of Dentons asked for funds to be sent to an international account – instead of the client’s real account, whose details were previously provided to the law firm. The fraudulent emails claimed that there was an audit going on at its Canadian bank provider. After requesting and supposedly receiving letters of authorization, Dentons finally wired the cash to the Hong Kong bank account, discovering days later that the real mortgage holder was still waiting for the transfer.
“I wish I could say this was unique, but it’s not. We see it in multiple industries, where it looks like legitimate emails have been received at the last minute from CEOs who are travelling and otherwise unreachable,” Jason Green of digital investigation and cybersecurity company Hexigent Consulting told Law Times.
“Once the money has been sent, it’s very hard to trace, because you’re dealing with law enforcement in several jurisdictions.”