The banking, financial services and insurance sector was the most targeted by scamsters in 2016, says Indeevar Krishna, Head - Operations and Customer Service, Max Life Insurance
Illustration: Dominic Xavier/Rediff.com
With a steady rise of the internet business and digitisation in past one decade, cyber attacks have also grown to a mammoth level. The magnitude of the situation can be assessed with the findings of a recent report which identifies cyber attack threat as one of the top 10 global threats.
Phishing continues to be one of the most common forms of cyber attack which hackers prefer to use across different industries. For those of you who are not aware, Phishing is the process of sending spurious mails to acquire customer’s details or luring them with unbelievable offers to encourage them to make online payment to fake accounts.
The BFSI (banking, financial services and insurance) sector has been one of the top targets for phishing activities in recent times. This is evident from the fact that BFSI sector was the most targeted sector in January 2016 with 40.2 per cent of all phishing attacks, mainly through malicious spam email attachments.
Insurance industry continues to lure attackers with the increase in investments through online portals. The migration of the insurance companies towards digital channels to form better customer relationships, expand customer’s financial portfolio and offer new products has given exponential rise to the cyber attacks in the insurance sector.
With the above as a background, let's understand how some ‘too good to true offers' are used for phishing in the insurance sector with the help of some real life examples:
Sanjay had opted for a term plan with one of the leading insurance companies four years back, for which he was paying a premium of Rs 50,000 annually.
Recently he got a mail from IRDAI (the insurance regulator) informing him of being chosen randomly from their database for a ‘once in a lifetime offer' of paying next three premiums in advance and getting a 25 per cent discount on all his remaining premiums.
Sanjay fell for the offer and made the payment through online transfer. It took him few days to realise that he has been a victim of phishing as the mail from 'IRDAI' had actually come from a fake email id of 'email@example.com' which he didn't notice as it looked familiar to IRDAI's official domain of www.irda.gov.in and ended up getting duped of his hard earned money.
Deepti and Nitin recently opted for a child plan for their new-born baby. The plan guaranteed them money backs as well as the sum assured at the end of the term for their child's higher education.
On the fifth birthday of their child, they got a call from the 'policy issuing company', congratulating them on their child's birthday and extending a 'one time offer' as a gift on the occasion.
The lucrative offer 'entitled' them for paying a one-time premium and getting a 50 per cent rebate on it, post which they didn't have to pay any premium till the policy term ended.
The polished caller had some details about the couple's policy and even extended a facility of 'cheque pick up'. Thanking their luck, the couple happily paid the amount through cheque, only to be informed by the 'original' policy issuing company later that neither had it received any such payment, nor were they running any 'offer'.
These two are some of the classic examples of Phishing and Vishing (Voice based) scams in the insurance sector. If only Sanjay and Nitin had paid any attention to the regular SMS warnings & email campaigns by the IRDAI and their insurance company, they would have not fallen prey to these scams.
Such educative campaigns are a part of the continuous effort by the insurance companies to warn their customers of fraudulent activities. Insurance companies make sure that all communication material to their customers carry these warnings.
The moment a fraudulent activity is noted, FIR is registered by the insurance company, the account numbers to which the payments are frozen and the numbers from which the calls were made (in case of Vishing) are blocked and tracked.
In most cases the fraudsters are arrested, however that may take time depending on the investigation and leads the investigating agency has.
How to protect against Phishing
- The best possible way to protect yourself from falling into such phishing traps is, not believing in such 'too good to be true offers'.
- Directly call up the issuing insurance company, to check the authenticity of the information or offer that has been communicated to you. Do not make the payment to a third party in any case.
- If you are paying by cheque, then it should mention both the name of the insurance company and your policy number to ensure that it reaches the genuine insurer.
- If you are paying via NEFT, do remember to cross check it with the bank account details provided on the insurance company's website.
- Never pay in cash and blindly trust a caller...
...are some of the golden rules to avoid being a victim of such fraudulent activity.
There is a strong need to be alert, aware and fight the phishing menace together with the regulatory authorities as well as the insurance companies, to ensure that you are not the next in line to fall for such 'offers' which are just a smart way to con your hard earned money.