
What Social Engineering Fraud Insurance Covers — and How One Email Led to a $95,000 Claim

Watch this quick breakdown of how a single fake email led to a $95,000 loss — and what every NJ business should know about social engineering fraud.

By Adam Overmyer, Owner — The Overmyer Insurance Agency (OIA)


It Started With a Simple Email…


A New Jersey professional services business received what looked like a routine email from their accountant. Same tone. Same signature block. Same wording they’d seen dozens of times.


The message said the State of NJ needed an urgent tax payment before penalties kicked in.

Nothing about it felt unusual.


They wired the money.


Nearly two years later, the business received a letter from the state:

“We have no record of your $95,000 payment.”


After an internal review, they discovered the truth:


The accountant never sent that email. The payment instructions were fraudulent. The $95,000 was wired to a criminal-controlled bank account.


No hacking. No malware. No system breach.

Just a carefully crafted impersonation email — and a small NJ business trying to do the right thing.


This is social engineering fraud — and it’s one of the most common cyber claims I see in New Jersey today.



What Is Social Engineering Fraud?


Social engineering fraud occurs when a criminal tricks someone inside your business into voluntarily sending money or confidential information.


It’s not a system hack.


It’s psychological manipulation.


Common examples include:


  • Fake vendor emails requesting “updated bank details.”

  • Spoofed executive emails (“Please wire this immediately…”)

  • Fraudulent tax payment requests

  • Fake invoices or ACH instructions

  • Scammers posing as accountants or attorneys

  • Criminals intercepting email threads and altering payment details


You might also hear it called:


  • Wire transfer fraud

  • Business email compromise (BEC)

  • Fraudulent funds transfer

  • Social engineering fraud insurance claim


Most importantly:


Many businesses think they’re covered… but the coverage varies significantly by policy.


Why Many Business Owners Think They’re Covered (But the Limits Vary)


Many business owners assume:

“If someone tricks us into wiring money, that’s cyber fraud — so it’s covered.”

But here’s the reality:


Standard cyber liability policies were originally built for classic cyber incidents:

  • Data breaches

  • Ransomware

  • Lost laptops

  • Malware

  • Network intrusions


Not for “voluntary” payments made under false pretenses, even when the criminal impersonates someone you trust.


Coverage for these scams often requires:


  • A specific social engineering endorsement, and/or

  • Fraudulent funds transfer coverage

  • Sometimes even both


Some Business Owners Policies (BOPs) include only very small limits (like $5,000) — not nearly enough for meaningful protection.


That’s why many small businesses don’t realize they’re underinsured until after a major incident.


Coverage You Actually Need (In Plain English)


To protect against these scams, businesses typically need one or more of the following:


1. Social Engineering Fraud Coverage

Covers losses when an employee is tricked into sending money.


2. Fraudulent Funds Transfer Coverage

Covers deceptive or unauthorized transfers initiated through manipulated instructions.


3. Business Email Compromise (BEC) Coverage

Covers impersonation scenarios where criminals pose as executives, vendors, or employees.


4. Computer Fraud Coverage

Covers losses caused by unauthorized access or malicious code initiating the transfer.

Most cyber policies do not automatically include all of these — they must be added.


Common Social Engineering Scams I See in NJ


Here are scenarios I regularly encounter across New Jersey:


• Vendor Bank Account Change Scam

A criminal impersonates a vendor, providing “updated” banking details. The payment goes to the scammer.


• Fake Executive or Owner Email

A spoofed email from a CEO or owner asks for an urgent wire transfer.


• Fake Accountant or Tax Payment Instructions

Criminals impersonate accountants and request “urgent” tax payments. This mirrors the $95,000 incident above.


• Real Estate & Law Firm Wire Fraud

Criminals monitor email threads and alter wire instructions for closings.


• Payroll Redirect Fraud

A scammer impersonates an employee, asking HR to update their direct deposit information. Payroll goes to the criminal.

None of these requires hacking — just deception.


Why Cyber Carriers Are Cracking Down (And What They Look For)


Social engineering claims have surged from 2022 through 2025.

Carriers responded by tightening requirements, including:

  • Multi-Factor Authentication (MFA) on email

  • Employee cyber awareness training

  • Callback verification procedures

  • Dual approval for large transfers

  • DMARC/SPF email authentication

  • Vendor verification protocols


Claims may be limited — or denied — if these controls aren’t in place.


How Much Does Social Engineering Coverage Cost in NJ?



Typical annual ranges:


  • $50K–$100K limits: $150–$350

  • $250K–$500K limits: $300–$900

  • $1M limits: $1,000–$3,000+ depending on industry & controls


Pricing depends on:

  • Industry

  • Amount of money transferred

  • Prior claims

  • Security controls

  • Employee count

  • Annual revenue


For most NJ businesses, it’s a small cost compared to the catastrophic financial damage of an uncovered or underinsured loss.


Quick Self-Check: Could This Happen to Your Business?


Ask yourself:


  • Do we send wires or ACH payments to vendors?

  • Have we ever received a suspicious email?

  • Do employees approve or initiate payments?

  • Do we rely on email for payment instructions?

  • Do we handle legal, financial, or high-value transactions?

  • Do we have dual approval policies in place?

  • Do our employees receive cyber awareness training?


If you answered yes to even one of these, you have exposure.


Not Sure If Your Business Is Protected? I Can Review Your Policy.


Many New Jersey businesses don’t realize:


  • They lack social engineering coverage

  • Or they have only minimal limits (such as $5,000 on a BOP)

  • Or their policy requires specific controls to activate coverage


If you want clarity, I’ll review your cyber policy at no cost and explain exactly what is — and isn’t — covered.


Get a Social Engineering Coverage Quote

→ Contact The Overmyer Insurance Agency (OIA) to review your cyber policy or request a quote tailored to your business.



Frequently Asked Questions About Social Engineering Fraud Insurance


1. What is social engineering fraud insurance?


Social engineering fraud insurance protects a business when an employee is tricked into sending money or confidential information to a criminal posing as a trusted contact. It covers losses from fake emails, fraudulent payment instructions, impersonation tactics, and manipulated wire transfers.


2. Does cyber insurance cover wire transfer fraud?


Some cyber insurance policies include coverage for wire transfer fraud, but not all. Coverage may require a specific endorsement such as social engineering fraud, fraudulent funds transfer, or business email compromise coverage. Limits can vary widely between cyber policies and Business Owners Policies (BOPs).


3. What is the difference between social engineering fraud and a traditional cyberattack?


A traditional cyberattack involves hacking, malware, or unauthorized access to a system. Social engineering fraud relies on deception, tricking someone inside the business to voluntarily send money or information — often through emails or impersonation. No system breach is required.


4. How much does social engineering fraud insurance cost?


Coverage is generally affordable. Most NJ businesses can expect:

  • $50K–$100K limits: $150–$350 per year

  • $250K–$500K limits: $300–$900 per year

  • $1M limits: $1,000–$3,000+ per year

Costs vary based on industry, number of employees, transfer frequency, and required security controls.


5. Is social engineering fraud coverage included in a Business Owners Policy (BOP)?


Some BOPs provide very limited fraudulent funds transfer coverage — often $5,000 or less. This may not be enough for most businesses. Larger protection usually requires adding a cyber policy or a dedicated social engineering endorsement.


6. Do NJ small businesses need social engineering fraud insurance?


Yes. Any business that pays vendors, sends wires or ACH transfers, handles sensitive financial data, or uses email for payment instructions is at risk. Social engineering fraud is now one of the most common cyber-related claims in New Jersey.


7. What steps can a business take to prevent social engineering attacks?


Carriers increasingly require:

  • Multi-factor authentication (MFA)

  • Dual approval for financial transfers

  • Callback verification procedures

  • Employee cyber training

  • Email authentication (SPF, DKIM, DMARC)

  • Vendor verification controls


Implementing these safeguards reduces risk and helps ensure coverage is active if a loss occurs.
