Picture this situation: A member of your accounting team receives an urgent email that appears to come from the company owner. The message asks them to update a vendor’s payment instructions and wire the next invoice to a new bank account. Everything looks legitimate, including the name, the email signature. Even the tone sounds right, so they send the transfer right away. It’s important to be responsive.

Then the vendor calls asking why they haven’t been paid. It turns out the email was fake. The money is gone and cannot be recovered.

Unfortunately, situations like this one are becoming increasingly common in business. According to a report from cyber insurer Coalition, business email compromise (BEC) was the leading type of cyber incident in 2025, accounting for about 31% of all cyber claims, with fraudulent funds transfers close behind at 27%. 

Together, email-based fraud and funds transfer scams make up a significant share of cyber losses reported by businesses. While individual BEC incidents often involve smaller losses than ransomware, they occur far more frequently and can still cost organizations tens of thousands of dollars per event. The data highlights a clear trend: email-based social engineering attacks are now one of the most common ways criminals steal money from businesses.

Many company owners are shocked when they call their insurance agent only to learn their general liability policy won’t cover these types of losses. Understanding why requires knowing the difference between computer fraud, social engineering scams, and the types of business insurance that respond to each.

The Rise of Business Email Scams

Fraudsters are getting better at impersonating executives, vendors, and financial partners. These scams are often referred to as:

• Business Email Compromise (BEC)

• Vendor impersonation scams

• “Fake boss” or executive impersonation attacks

Instead of hacking into a system, criminals manipulate people into sending money voluntarily. Once the funds are wired, recovering them is extremely difficult.

According to federal law enforcement reports, business email compromise is one of the most costly forms of cybercrime affecting companies today. The Federal Bureau of Investigation website specifically states:

Business email compromise (BEC) is one of the most financially damaging online crimes. It exploits the fact that most of us rely on email to conduct both our personal and professional business.

Computer Fraud vs. Social Engineering: What’s the Difference?

Not all digital fraud works the same way, and insurance policies treat them differently. Understanding the differences is important in order to ensure you have adequate coverage for your business.

Computer Fraud (Hacking)

Computer fraud typically involves unauthorized access to a company’s systems. For example:

• A hacker gains access to your accounting software.

• They initiate a transfer themselves.

• Funds are stolen directly from your system.

Because the system itself was compromised, some cyber liability policies or crime policies may respond.

Social Engineering (Human Manipulation)

Social engineering scams work differently because the criminal does not hack your system.

Instead, they trick an employee into sending money voluntarily by posing as someone the employee trusts like a boss, vendor, or bank.

In the eyes of many insurers, the employee authorized the transfer, even though they were deceived. That distinction matters when a claim is filed.

Why General Liability Won’t Pay

Many business owners assume their General Liability (GL) policy covers any type of financial loss related to their operations. Unfortunately, that’s not the case. A GL policy is designed to cover third-party bodily injury, property damage, and certain advertising-related claims.

Examples include:

• A customer slipping in your store

• Property damage caused by your work

• A claim related to advertising or personal injury

A fraudulent wire transfer doesn’t fit into any of those categories. There is no coverage under a standard GL policy for things like stolen funds, fraudulent wire transfers, social engineering scams, or employee deception.  That’s why businesses are often caught off guard when these incidents occur.

The Coverage That Actually Applies: Funds Transfer Fraud

Protection for scams like the “fake boss” email usually comes from crime insurance or cyber liability coverage, specifically through Funds Transfer Fraud endorsements or Social Engineering Fraud coverage.

These endorsements may cover situations where:

• An employee is tricked into wiring funds

• A vendor payment is redirected to a fraudulent account

• A criminal impersonates an executive requesting a transfer

Coverage terms vary widely between policies. Some require verification procedures, while others limit coverage to specific types of transactions. That’s why it’s important to review your coverage before an incident occurs.

Why These Scams Are So Hard to Detect

What makes these attacks so effective is that they rely heavily on information that is already publicly available. Fraudsters often research company websites, LinkedIn profiles, vendor relationships, and even the formatting of employee email signatures to understand how an organization communicates. 

Using these details, they can craft messages that look and feel convincingly legitimate. In many cases, the success of the scam has less to do with hacking technology and more to do with exploiting human trust and everyday communication workflows within a business.

How Businesses Can Reduce the Risk

Insurance is only one part of the solution. Businesses can also reduce exposure by implementing simple safeguards such as:

• Requiring verbal confirmation for wire transfers

• Implementing dual approval processes for payment changes

• Training employees to recognize phishing and impersonation attempts

• Verifying vendor payment changes through a known phone number

Even small procedural changes can prevent significant losses.

Protecting Your Business from Modern Fraud

As digital scams evolve, businesses need to think about insurance in broader terms than traditional liability coverage. Cyber liability, crime insurance, and fraud endorsements now play a critical role in protecting against financial loss from modern scams.

If you’re unsure whether your insurance policies address risks like social engineering or fraudulent wire transfers, it may be time for a closer look. Reach out to Navisure Insurance Group to review your coverage with an experienced advisor who can help identify gaps and recommend solutions tailored to your business.