https://www.insurerbrain.com/w/index.php?action=history&feed=atom&title=Definition%3APhishingDefinition:Phishing - Revision history2026-06-13T13:52:28ZRevision history for this page on the wikiMediaWiki 1.43.8https://www.insurerbrain.com/w/index.php?title=Definition:Phishing&diff=7017&oldid=prevPlumBot: Bot: Creating new article from JSON2026-03-10T05:05:07Z<p>Bot: Creating new article from JSON</p>
<p><b>New page</b></p><div>🎣 '''Phishing''' is a social-engineering attack in which a malicious actor impersonates a trusted entity — typically through email, text message, or a fraudulent website — to trick individuals into revealing sensitive information, transferring funds, or installing malware. Within the insurance industry, phishing represents both an internal operational threat to carriers, [[Definition:Managing general agent (MGA) | MGAs]], and [[Definition:Insurance broker | brokers]] and an external exposure that drives a significant share of [[Definition:Cyber insurance | cyber insurance]] claims. Because insurance organizations handle vast quantities of [[Definition:Personally identifiable information (PII) | PII]] and process high-value financial transactions daily, they present attractive targets for attackers.<br />
<br />
⚙️ A phishing campaign typically begins with reconnaissance: attackers study an organization's public communications, employee directories, and vendor relationships to craft convincing messages. Spear-phishing — a more targeted variant — might impersonate a [[Definition:Claims adjuster | claims adjuster]], [[Definition:Underwriter | underwriter]], or executive to authorize a fraudulent wire transfer or extract [[Definition:Policyholder | policyholder]] data. Business email compromise, a close cousin, has resulted in multi-million-dollar losses across the financial services sector. Insurers defend against these tactics through employee training, email-filtering technology, [[Definition:Multi-factor authentication | multi-factor authentication]], and simulated phishing exercises, while [[Definition:Risk management | risk management]] teams incorporate phishing scenarios into broader [[Definition:Business continuity plan | business continuity]] and incident-response planning.<br />
<br />
🔑 From an underwriting perspective, phishing is one of the most common root causes cited in [[Definition:Claim | cyber claims]], making it a critical variable in how carriers assess and price [[Definition:Cyber insurance | cyber risk]]. Underwriters evaluate an applicant's anti-phishing controls — security awareness training frequency, email authentication protocols like DMARC, and endpoint protection — as key indicators of organizational resilience. The frequency and sophistication of phishing attacks continue to escalate, fueled by [[Definition:Artificial intelligence | AI]]-generated content that makes fraudulent messages nearly indistinguishable from legitimate ones. This evolving threat landscape pushes insurers to update policy language, refine [[Definition:Exclusion | exclusions]] around voluntary parting of funds, and invest in pre-breach services that help [[Definition:Insured | insureds]] reduce their exposure before an incident occurs.<br />
<br />
'''Related concepts'''<br />
{{Div col|colwidth=20em}}<br />
* [[Definition:Cyber insurance]]<br />
* [[Definition:Social engineering fraud]]<br />
* [[Definition:Data breach]]<br />
* [[Definition:Business email compromise]]<br />
* [[Definition:Personally identifiable information (PII)]]<br />
* [[Definition:Ransomware]]<br />
{{Div col end}}</div>PlumBot