A rapidly growing form of internet email fraud is a practice known as phishing. Phishing refers to when perpetrators send fraudulent email messages requesting confidential information. The information then allows the perpetrator to gain access to the victim’s accounts and steal the victim’s identity. If you are not expecting an email about your insurance or from your insurance provider, there’s a possibility that it may be a phishing email. Most insurance companies will send out a notification email telling users to check their account for an update, rather than directly emailing about an insurance policy.
Some common types of insurance phishing emails include:
- Emails urgently requesting more information to update or complete your policy in order to avoid a fee.
- Emails with false links to either your account login, policy updates, or proof of insurance.
- Emails with malicious attachments pretending to be your policy coverage or urgent changes to your policy.
- Emails with logos from well-known insurance providers that contain attachments or require customers to send personal information to them via email or a pop-up window.
Be on the lookout for:
- Generic greetings or mistakes in the greeting.
- A false sense of urgency. Many phishing emails threaten you to act immediately to avoid losing access to your account or canceling your contract.
- Misspellings and bad grammar.
- Pop-up boxes in an email are not secure. If a pop-up box appears simply by opening an email, do not enter personal information into it.
- Links in the email that go to websites other than the one listed or suggested by the email.
Tip to protect yourself and your accounts:
- If you receive an email or pop-up message that asks for personal or financial information, do not reply. Legitimate companies do not ask for this information via email. Never use email to send sensitive, personal, or financial information. Email is not secure.
- Do not click on any link in an unsolicited or suspicious email. You may check each link by rolling your mouse over it. (Your email program or browser should display the address.) If you have a concern about your account, open a new web browser, type in the company’s address, and log in to your account as you normally would. If there is an urgent matter related to your account, you’ll probably see it there.
- Only use secure websites for sensitive personal data. (A secure website has an address that begins with HTTPS and the browser will display a padlock icon.)
- Do not provide sensitive information to callers; call the business back at a number documented on bills or other business documents.
- Spoofs try to create urgency by warning of account suspension if the information is not updated or confirmed by a specific date. Most companies do not treat customers this way.