A local resident is out nearly $100,000 after being scammed by a phishing email, TLS has learned.
The man received an email from his insurance company on a Sunday evening stating that if he didn’t make the nearly $100,000 payment on a policy, his policy would be canceled the next day.
The man believed the email was authentic, because it had come from the insurance company’s legitimate email address.
Realizing he needed to act to avoid cancellation, the man wired over the payment.
The following morning, he called the insurance company expressing his disappointment with them for not notifying him earlier about his pending cancellation.
The insurance company was dumbfounded, and soon realized a hacker hacked into the company email system, and managed to send an email to this client, making it appear as the agent had sent it.
There was obviously no way to trace the wire, but the insurance company says they’re working with their cyber insurance company to try and retrieve the funds.
That’s a pretty hefty insurance policy… Unless he owns a major co-operation I’m not sure why he would lay out that much money!
why would someone have such a huge insurance bill? He should have called the insurance company first before wiring the money
Why would someone owe $100,000?
That would probably mean he didn’t make a payment in years. Did he really think he owed that much?
I hope he gets his money back!
LOL. So insurance companies call if your policy is gonna be cancelled. And how much was this person insured for if the premium was $100K? It’s hard to believe people are this dumb. Or people this dumb have $100k they can put their hands on in a couple of hours.
always check the actual email address that it matches the title name that appears in your inbox.
While this is true, the article states that the senders email was compromised. This was not a spoof.
Having said that, he should not have wired the money…. that’s not the way insurance bills are paid. He should have logged on to the web portal, called the company or waited till the next day when they were open.
That’s my opinion without really knowing details.
While I really feel bad for this person…I don’t understand why he wouldn’t pick up the phone before wiring such a large sum…unless thats not large for him which raises more questions lol
Something doesn’t add up….
Please! this story is a cautionary tale to warn unsuspecting people that there are scams out there and you have to be alert. Its not intended for everyone to voice their opinion about this individual’s gullibility, or state of mind or state of prosperity. And many savvy people have fallen for ruses that in hindsight are so outrageous, they cannot forgive themselves. But in real time, their fear and anxiety clouded their judgement.
Hard to believe this story is actually true. What are the chances somebody this gullible has access to 100k on the drop of a dime (no pun intended).
$100k for a policy that is for your business is not a crazy amount at all. Premiums can go into the 7 figures.. and insurance companies send letters, they do not call you (Your broker should be calling you… .)
Exactly the reason why having a cyber insurance policy is so important.
I guess he hasn’t read Mr. Benvenisti’s articles.
Thank you. I illustrated this so many times with diagrams and pictures and the cyber insurance problems with this. I have seen no reports of any insurance company hacked. They have to report within 24 hours. I conclude, if this is even true, it was a user error. The person should have called the company before doing anything. Usually the bookkeeper, accountant or Chief Financial Officer handles the expenses (and a person with such a large premium should have at least one of them). Sounds phishy to me in more ways than one.
For all those making fun, this was not a stupid scam, this was a sophisticated hack coming directly from the email of the insurance company. Chances are that the person who sent it is not liable will be reimbursed (or can sue for reimbursement).
In terms of the amount, Thankfully, in this this community, there are many people running large businesses in real estate and other businesses, where wiring 100k for an expense is not unusual. When you are are running a multi million dollar construction project where a laspe in insurance can cause your loans to be called, you don’t mess around and make the payment immediately.
I’m sorry, but this story is absurd. It’s either a joke or whoever is reporting it has the facts completely mishkabobbled. A $100,000 premium would be the cost for a 72-year old man to carry a $10 million policy! No insurance company would underwrite such a policy unless the client had at least a $1 million in yearly income. Anyone with these assets, who would fall for such a ridiculous scam, would have to be a dementia addled multi-millionaire. Sheesh! Even senile nincompoop Joe would have more common sense than that!
Very hard to believe this is a true story.
Why would you wire over the 100 grand instead of going to the company’s website and paying online through there, like usual, first rule of life, there is never a need to wire anyone money ever, second, you never click on the link in the email, you go online to their website, third, no company ever only sends one notice, so look to find previous email warnings, fourth, the government never emails or calls for money, they always send letters, fifth, I’m almost sure pending cancellation notices form all companies, are always letters even if you signed up for paperless.
Stop with the ignorant comments this makes lots of sense for a business policy the amount is not outrageous. Yes we pay lots of insurance. Think about the thing called workers comp that you don’t appreciate when working for an employer. Can be 10-12% or even more in some businesses….
Never wire any money without first calling to verify the wire instructions. Always call the company from a phone number you know or look up in a directory not from the email that you get.
All attorneys will tell you this over and over again.
For all of those folks claiming that such a huge insurance policy would not be unexpected for a large business, I would ask the following questions: (1) How is it that a multi-million dollar business has no accountant, or lawyer, or other financial officer, who is responsible for the businesses financial affairs? (2) How is it that the financial institution from which the $100K was transferred, didn’t recognize the huge RED FLAG here: that this was never before how a business expense was paid. Many years ago I authorized a few thousand dollars to a friend in dire financial need, and the bank called me (not a customer with any significant financial importance) to verify the unusual transaction. Sorry folks, but I for one continue to suspect that this story is seriously without credibility. If it’s true, then whoa for this business and the naivete of those responsible for its finances.
An email phishing scam of this magnitude would be way more sophisticated. First, it would not ask for a wire transfer but a bitcoin conversion because it would be Ransomware where the computer would be bricked until ransom was paid. Secondly, this is a rank amateur, if even true, because the most lucrative tactic is a “double extortion” where sensitive personal information is stolen prior to encrypting. That data would then be held “hostage” in return for a cryptocurrency payment or risk getting the information published online. Likely if he pays his premiums online and has no two-factor authentication or VPN, that would allow any transactions to be easily culled by any “script kiddie” hacker revealing the payee’s email address, the company’s website address (to get the name of the company) the username and password and access to the details of the policy. Very easy. Again this would be better pulled off as the easy part of a sophisticated ransomware attack. The last insurance company hacks that I know of were of CNA in March of last year who finally paid the $40M ransom in May 2021. Geico was also hacked but all the hackers got was driver’s license data. The last possibility is an inside job by one of the company employees who will easily be found out through a forensic investigation.