Hackers Targeting Insurance Agents

You can now listen to this article
Voiced by Amazon Polly

I heard reports this week that hackers are targeting insurance agencies to obtain passwords to access client information. I viewed one statement from an insurance company sent to their agents titled “Hacking Activity Alert!”

insurance hackers

They went on to describe that they have been “hearing from multiple consumer reporting companies about an increase in hacking activity targeting independent insurance agencies.”

It appears that:

  • Hackers have been systematically tracking and collecting the email addresses of insurance agency employees.
  • They are now targeting the passwords used by insurance agency employees, and data shows that in some cases, passwords can be acquired.
  • When successful, hackers can access the quote applications.
  • Phishing emails are sent to consumers using false company identity, email address, and insurance company logos to collect additional information.

Make sure your staff is aware of possible indicators of an intrusion:

  1. Avoid password reset requests that you did not initiate.
  2. Unusual online quote activity during non-office work hours (9 pm – 4 am, for example).
  3. Hundreds of quotes attributable to a single employee ID in one day.
  4. Continue to be careful about emails that have links or attachments from unknown sources.

Take These Steps

Steps you can take to make hacking your systems more difficult:

  1. The agency should be using a password management program for every computer in the office (or at home) so every employee can have a unique, complex non-repeatable password for every site.
  2. Inform employees of the potential for suspicious emails. Make sure before anyone clicks on a link in an email that they understand where that link is taking them. In Outlook, you can do this by hovering your mouse over the link. A small pop-up will show the actual link address. If suspicious, delete it.
  3. If you think it is legitimate, type the address in a browser tab. Don’t click the email link.
  4. Go to the ACT website and download the latest cybersecurity document and forward it to all employees.
  5. Did you check the link before you clicked?
  6. Have a short employee meeting to emphasize the importance of protecting client information.

Review These Articles

Following are a few articles that may be helpful:

If you have any other information, please leave a comment below.

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *