Hablamos Español Insurance Companies We Work With
Learning Center

Social Engineering Fraud: The Claim Your Crime and Cyber Policies Fight Over

By Richard Sweet. Reviewed by Richard Sweet. Updated July 7, 2026.

Already know you need this? Get a quote Compare your coverage →

A convincing email arrives, appears to come from a vendor or an executive, and asks someone on your team to send a payment or update banking details. They do it, believing it is real. The money lands in a fraudster’s account and it is gone. Now the question is which policy pays, and this is where firms find out that their crime policy and their cyber policy were both drafted to let the other one handle it. If you are still deciding whether cyber belongs in your program at all, do professional firms need cyber insurance is the starting point. This article is about the specific loss the two policies argue over.

Why this loss is different

Most theft coverage imagines a criminal taking money the firm did not agree to give up. Social engineering fraud is the opposite. Your employee sent the money, voluntarily, because they were deceived into believing the request was legitimate. Nobody necessarily broke into a system. A person was manipulated into authorizing a transfer. That single fact, that the money went out through a normal, approved payment process rather than a break in, is what makes the loss hard to place. It does not look like classic theft, and it does not require a classic breach.

The crime policy’s answer

A traditional crime policy is often built around loss where the criminal takes the money, employee dishonesty, forgery, and similar. A voluntary transfer induced by a spoofed instruction can sit outside that structure. Many crime policies now address social engineering, but frequently only by a specific endorsement, and often at a sublimit well below the policy limit. So the firm that assumes its crime policy simply covers wire fraud may find either no coverage or a fraction of the limit it expected. The base policy was not written with the deceived but willing employee in mind.

The cyber policy’s answer

Cyber looks like the natural home, since the scam arrived by email. But many cyber policies center on the breach, network security, and privacy exposure, and treat fraudulent fund transfers only by endorsement or at a sublimit. Because a social engineering loss may not involve any actual breach of your network, a pure impersonation and wire scam can fall outside the core cyber coverage as well. This is part of the broader pattern where cyber events slip between policies, which cyber exclusions in other policies covers across the whole program.

Caught in the seam

Put the two answers together and the problem is clear. The loss has a crime shape, money leaving through payments, and a cyber shape, a deceptive electronic message, and it fits neither cleanly. Each policy was drafted assuming the other might respond. Without a specific endorsement naming this exposure, the claim can land in the seam between them, and even where one policy does respond, a low sublimit can leave much of the loss uncovered. The scam is common. The default coverage is narrow. That gap is the whole problem.

Closing the gap before the wire

This one is fixable, but only in advance. Add a specific social engineering fraud or fraudulent instruction endorsement to whichever policy will carry it, and understand its sublimit and conditions before you need it. Know that some carriers require controls, such as callback verification on payment changes, as a condition of paying, which means your internal payment procedures and your coverage work together. The pairing that actually protects a firm is a documented verification process for any change in payment instructions, plus a confirmed endorsement sized to the exposure. Neither alone is enough. Together they turn a loss that two policies fight over into one that has a clear place to go.

Questions to ask your advisor

  • Do I have a specific social engineering or fraudulent instruction endorsement, and on which policy?
  • What is the sublimit for this exposure, and how does it compare to my full limit?
  • Does my coverage require callback verification or other controls before it pays?
  • If an employee is tricked into wiring funds, would crime or cyber respond first?
  • How do my payment approval procedures line up with what my policy requires?

The spoofed payment is one of the most common losses a professional firm faces, and one of the easiest to leave uncovered. A firm that confirms the endorsement, understands the sublimit, and backs it with a verification process is insuring the scam that actually happens, not the one the policies assumed away.

Want guidance first? Compare your coverage. Already know what you need? Get a quote.

What many people don't realize

The part that catches owners off guard

  • Social engineering fraud tricks staff into sending money voluntarily.
  • Crime and cyber policies can both point at each other.
  • Coverage often sits behind a low sublimit, not a full limit.
  • The distinction is who sent the money and how.
  • We check for a specific social engineering endorsement.
The Vantage Point

What we see most often

Firms think of a wire fraud loss as either a crime problem or a cyber problem, and insurers have built their policies so it can be neither by default. The money went out because an employee was deceived into sending it, and that voluntary transfer is exactly the seam both policies were drafted around.

What we see most often is a firm that assumes its crime policy or its cyber policy has this covered, without ever checking whether either includes a specific social engineering endorsement, and at what sublimit. The scam is common and the coverage is narrow, which is a bad combination to discover after the wire clears.

A real example

A firm received a convincing email that appeared to come from a known vendor, with updated banking details, and an employee wired a payment to the new account. The account belonged to a fraudster, and the money was gone.

The crime carrier pointed toward cyber, the cyber carrier pointed toward crime, and where coverage did exist it sat behind a low sublimit rather than the full limit. A specific social engineering fraud endorsement, confirmed in advance, would have given the loss a clear place to land.

Details changed to protect privacy. Shared to illustrate, not to promise an outcome.

Free, two-minute check

See where your coverage stands

Answer a few quick questions and get a clear read on your current coverage in about two minutes. We flag what is worth a closer look.

Compare your coverage
When to review

It may be time for a coverage review if:

  • Your firm sends or approves wire transfers or vendor payments
  • You have never confirmed a social engineering endorsement
  • You assume your crime policy covers wire fraud
  • You assume your cyber policy covers a spoofed payment
  • You do not know your sublimit for this exposure
Compare your coverage Get a quote
Frequently asked

Frequently asked

What is social engineering fraud?
It generally describes a scam where someone is deceived into voluntarily sending money or data, often through a spoofed email impersonating a vendor, executive, or client. The defining feature is that an employee authorized the transfer believing it was legitimate. No system was necessarily hacked. A person was manipulated.
Doesn't my crime policy cover stolen money?
It depends. Traditional crime coverage is often built around theft where the criminal takes the money, such as employee dishonesty or forgery. A voluntary transfer induced by deception can fall outside that, or into a low sublimit, unless a specific social engineering endorsement is added. Do not assume the base crime policy responds.
Wouldn't my cyber policy handle a spoofed email?
Not always. Many cyber policies focus on the breach, network security, and privacy, and some address fund transfer fraud only by endorsement or at a sublimit. Because no network was necessarily breached, a pure social engineering loss can fall outside the core cyber coverage too, which is how it lands between the two.
Why do both policies point at each other?
Because the loss has features of both and fits neither cleanly. The money left through a payment process, which sounds like crime, but the trigger was a deceptive electronic message, which sounds like cyber. Each policy was drafted with the other in mind, so without a specific endorsement the claim can fall into the seam between them.
How do I actually get this covered?
Generally by adding a specific social engineering fraud or fraudulent instruction endorsement, and by understanding its sublimit and conditions. Some carriers also require callback verification or other controls before they pay. Confirming the endorsement and the sublimit in advance, on whichever policy carries it, is what closes the gap.
RS
Written and reviewed by

Richard Sweet

Founder and Principal Advisor, Vantage Point Risk

Richard Sweet runs Vantage Point Risk, an independent insurance and risk advisory for property owners, real estate investors, business owners, and families. He works with investors every week on the coverage decisions that decide how a claim actually turns out, and writes the Learning Center to put those decisions in plain language.

Reviewed for accuracy by Richard Sweet. Last updated July 7, 2026.

Richard also writes The Vantage Point, notes on building a better business.

This article is general education about insurance and risk, not legal advice. Social engineering, crime, and cyber terms, endorsements, sublimits, and conditions vary widely by policy and carrier. Confirm how your own coverage treats fraudulent transfers with a licensed advisor before relying on it.

Compare your coverage

It's not a quote. It's a real review.

Answer a few quick questions and get a clear read in about two minutes. We will flag what is worth a closer look, and you can hand us your current policy if you want us to dig in. No pressure, no obligation.

We review your current coverage for gaps and overlaps
We compare the market to see if you are overpaying
We tell you what is actually worth changing, and what is not
You get clear answers, even when you are already covered well