News

One of the best ways 
to stay ahead of risk? Stay well informed.

Home  /  Insights  /  Alert: Emerging Cyber Fraud Threat

Alert: Emerging Cyber Fraud Threat

The threat of cyber fraud and attacks on our personal information is ever-present these days. In an effort to keep our current and prospective clients well informed, we want to make you aware of an ongoing, coordinated effort by hackers to attack some insurance carriers.

The Department of Financial Services (“DFS”) recently learned of a systemic and aggressive campaign to exploit cyber flaws in some public-facing websites to steal Nonpublic Information (NPI) from random people.

DFS first became aware of this cyber campaign when it received reports from two auto insurance carriers in late December 2020 and early January 2021, that cybercriminals were targeting their websites that offer instant online automobile insurance premium quotes (“Auto Quote Websites”) to steal unredacted driver’s license numbers. The insurers first noticed this activity because of an unusually high number of abandoned quotes or quotes not pursued after the display of the estimated insurance premium. On the Auto Quote Websites, the criminals entered valid name, any date of birth and any address information into the required fields. The Auto Quote Websites then displayed an estimated insurance premium quote along with partial or redacted consumer NPI including a driver’s license number. The attackers captured the full, unredacted driver’s license numbers without going any further in the process and abandoned the quote.

PLEASE NOTE: Marshall & Sterling’s public-facing website – www.marshallsterling.com – has NOT been compromised, and remains secure. Our site does not store NPI. The unauthorized collection of NPI appears to be part of a growing fraud campaign specifically focused on stealing NPI from public-facing insurance carrier websites that display or transmit consumer NPI. This includes some “Instant Quote Websites” that provide an instant quote such as an auto insurance rate using the consumers’ NPI.

This activity appears to be part of an overall increase in efforts to steal NPI, driven in part by increased fraud activity during the pandemic. Since the COVID-19 pandemic started, the U.S. has seen an unprecedented surge in benefits fraud. DFS has confirmed that, at least in some cases, this stolen information has been used to submit fraudulent claims for pandemic and unemployment benefits. Notably, the concerted effort to steal NPI data specific to people living in New York seems to have coincided with the implementation of enhanced identity requirements to obtain pandemic benefits. DFS is also aware of evidence that this cybercrime activity is not limited to auto insurance carrier websites.

According to DFS and other sources, it appears that cybercriminals have attempted to purchase insurance policies in the name of innocent victims utilizing insurance company websites. Please be assured that this has no connection to Marshall & Sterling or our websites. We do not store any private information about our clients on our websites which would allow such purchases.

If you recently received an insurance quote from a carrier that you did not initiate yourself, please immediately contact your Marshall & Sterling service professional, or contact the carrier from which the quote was generated, to inform them of any suspicious fraudulent activity. Always follow best practices to protect your identity as much as possible. We have several related blog articles on our website which can provide valuable tips:

Cyber Risk Best Practices

Protecting Your Identity

Insurance carriers are working diligently to prevent the ongoing spread of this fraud, and to protect your NPI to the greatest degree possible. We will continue to keep you informed regarding these ongoing threats, and what is being done by insurance carriers to mitigate them.

Personal Insurance

Cyber Security, Auto