On March 31, 2026 the U.S. District Court for the Northern District of Mississippi released its decision in Gore, Kilpatrick & Dambrino PLLC v. Spinnaker Ins. Co. The Court interpreted the requirements of a Social Engineering Fraud (SEF) insuring agreement in a cyber policy in the context of a phony debt collection fraud perpetrated on the insured law firm.
The Facts
Gore, Kilpatrick & Dambrino PLLC (“GKD”) is a Mississippi law firm. On May 23, 2024 an individual representing himself to be David Casteel (the “Imposter”, utilizing the American spelling used in the policy and the decision) contacted GKD for the purpose of retaining it to collect a $158,850 debt allegedly owed to his company, Brooks Machinery, Inc., by Mid-Delta Equipment LLC. The Imposter was not Casteel and did not represent Brooks Machinery. Mid-Delta Equipment owed no debt to Brooks Machinery. The real Casteel never emailed GKD; never did business with Mid-Delta Equipment; and had no knowledge of the fraudulent transaction between the Imposter and GKD. GKD sent the Imposter a letter of engagement which the Imposter signed and returned on June 3, 2024. All written correspondence with the Imposter was via email.
Two days later, on June 5, 2024, GKD received correspondence allegedly from Mid-Delta Equipment, enclosing a cheque for $158,850 in payment of the purported debt owed to Brooks Machinery.
The Imposter, by phone and email, instructed GKD to deduct its attorneys’ fee from the amount deposited, and to wire the remaining balance to the Imposter. GKD wired $158,425 to the account specified by the Imposter. On June 10, 2024 the purported Mid-Delta Equipment cheque was returned unpaid.
The SEF Insuring Agreement
GKD maintained a cyber policy issued by Spinnaker Insurance Company. The policy included SEF coverage. SEF coverages were first introduced as part of crime policies in the United States in 2013 and in Canada in 2014. Soon thereafter, some cyber insurers began adding SEF and other traditional crime coverages to their forms.
The SEF insuring agreement provided that Spinnaker would “pay for a Social Engineering Loss resulting directly from a ‘Social Engineering Incident.’” “Social Engineering Incident” was defined as:
Social Engineering Incident means the intentional misleading of an Insured to transfer Money to a person, place or account beyond the Named Insured’s control resulting directly from the Named Insured’s employee’s good faith reliance upon an instruction transmitted via email, purporting to be from:
i. a natural person or entity who exchanges, or is under contract to exchange, goods or services with the Named Insured for a fee … or
ii. an employee of the Named Insured;
but which contained a fraudulent and material misrepresentation and was sent by an imposter.
Spinnaker moved under Fed. R. Civ. P. 12(b)(6) to dismiss the action for failure to state a claim upon which relief can be granted. This rule is analogous to rule 21.01(1)(b) of Ontario’s Rules of Civil Procedure. Spinnaker’s position was that its SEF coverage contained the following necessary elements:
To qualify as a Social Engineering Incident under the Social Engineering Endorsement, the following requirements must be met:
(1) the insured must be intentionally misled to transfer money,
(2) by an instruction transmitted via email,
(3) purporting to be from a natural person or entity who exchanges, or is under contract to exchange, goods or services, with the insured for a fee,
(4) which contained a fraudulent and material misrepresentation, and
(5) but was sent by an imposter.
Spinnaker’s view was that, at the very least, the third element was not met, because the real Casteel had no contract to exchange goods or services with GKD for a fee:
The defendants maintain these requirements are not satisfied because ‘[GKD] had no contractual relationship with the real David Casteel or Brooks Machinery,’ so ‘the email did not ‘purport to be from’ a legitimate business partner,’ and ‘[t]he policy language, read as a whole … does not permit coverage where the fraudster is both the purported counterparty and the imposter.’ [emphasis added]
The Decision
The Court granted Spinnaker’s motion and dismissed GKD’s action. As the real Casteel had never been a client of GKD, the Court noted that GKD was essentially trying to “have it both ways” by arguing that the Imposter impersonated Casteel, while also asserting that the Imposter executed the retainer agreement with GKD, thereby becoming GKD’s “client”. The Court’s analysis is instructive:
Under the policy, a Social Engineering Incident occurs when the transfer of money “result[s] directly from the Named Insured’s employee’s good faith reliance upon an instruction … purporting to be from … a natural person or entity who exchanges, or is under contract to exchange, goods or services with the Named Insured for a fee … but which contained a fraudulent and material misrepresentation and was sent by an imposter.” [GKD] does not identify which aspects of the Social Engineering Incident provision are ambiguous or offer any explanation for why said provision is ambiguous. The language of the policy clearly states that for a Social Engineering Incident to occur, an imposter must instruct the insured to transfer funds while purporting to be a person who exchanges or is under contract to exchange goods or services with the insured for a fee. Because the Court finds that this language is clear and unambiguous, it will apply the policy language as written to [GKD]’s claim.
Here, the real Casteel is not a person who exchanges or is under contract to exchange goods or services with [GKD] for a fee, because he is not and has never been [GKD]’s client. Accordingly, that the Imposter purported to be Casteel when he gave the instruction to transfer funds does not bring the conduct within the definition of a Social Engineering Incident. Though [GKD] characterizes the Imposter as its client because the Imposter signed and returned the fee agreement, the Social Engineering Incident provision cannot be reasonably interpreted to cover the fraudulent transaction alleged in the complaint because the instruction to transfer money cannot have been sent by an imposter purporting to be a client if the individual giving the instruction is the client. [emphasis added]
Conclusion
Gore, Kilpatrick & Dambrino is notable for two reasons. First, for SEF coverages that include client, customer or counterparty language, the decision reinforces the importance of carefully analyzing the facts to ascertain whether an individual clearly meets the requirements of such language. The circumstances of GKD’s loss did not meet branch (i) of the SEF Incident definition, as GKD had no pre-existing retainer with Casteel or Brooks Machinery. GKD then asserted that it was the Imposter that met branch (i), but the Court observed that the language was not satisfied where the fraudster is both purported counterparty and imposter.
Second, Gore, Kilpatrick & Dambrino reflects a growing trend of “traditional” crime coverages being added to cyber forms. In view of its much longer history (with roots stretching back to the 19th century), the crime policy has given rise to a significant body of jurisprudence. Familiarity with those legal principles is essential in analyzing crime claims on cyber forms. Further, as more cyber policies add coverage for risks such as SEF, it is incumbent on crime insurance claims professionals to canvass possible overlapping coverage arising from cyber policies issued to their insureds.
Gore, Kilpatrick & Dambrino PLLC v. Spinnaker Ins. Co., 2026 U.S. Dist. LEXIS 69567 (N.D.Miss.)