Social Engineering Toolkit
As of 2024, your professional liability policy covers you to a sublimit of $250,000 in the event a claim arises out of a social engineering fraud.
To avoid being out of pocket for potentially thousands of dollars, take a few steps to protect yourself and extend your social engineering coverage to the standard $1 million limit per claim.
What is Social Engineering?
In general terms, social engineering is a fraud that is perpetrated by deceiving a target into revealing information or taking action for illegitimate reasons. It is often associated with phishing or email impersonation and leads to incorrectly wiring funds or transferring property.
Mandatory steps to go from $250,000 to $1 million insurance coverage:
1) Retainer Instructions: Include written instructions in a retainer or other agreement for the receipt, release, and transfer of any funds or assets.
2) Advise of no expected changes: Advise in the written retainer not to expect any changes to instructions from you or your firm for the transfer of funds or assets.
3) Confirm any changes by telephone or meeting:
- Advise in the written retainer that, should there be changes for the transfer of funds or assets, the client (or another party to which you owe a duty of care) should immediately contact you by way of a telephone number specified in the written retainer or other agreement.
- If you or your staff receive any changes to the contact information or instructions for the transfer of funds or assets, confirm them by either calling using contact information previously confirmed to be that of the client (or another party to which you owe a duty of care) or by meeting with them.
4) Updated Information: Maintain in writing any updated contact information for a client (or another party to which you owe a duty of care) AND any updated instructions for the transfer of funds or assets.
Wiring Funds Checklist: Use this checklist for every transaction that involves wiring funds from your trust account.
Frequently Asked Questions: See the commonly asked questions about the social engineering policy requirements.
FOR FILES THAT ARE ALREADY OPEN:
We highly encourage you to send your client a revised retainer letter or an addendum to the current retainer agreement you have in place. At a minimum, we suggest you send the following reminder: “Funds transfer fraud is on the rise. Please note, we will never email you with a request to change or update any banking or transfer information. If you receive a request like that by email, please phone us immediately using a previously known number. In addition, if we receive any banking or transfer information from you, we will confirm this by independent means. If you have questions or concerns, please contact us.”