Are You Sure That Email Is Legit?

May 27, 2025

An unfortunate trend is being noticed by ISMIE: More policyholders are reporting incidents of email impersonation attacks. This is a type of phishing in which cyber threat actors pose as a trustworthy colleague, acquaintance, vendor or organization to lure recipients to provide sensitive information or network access. These ruses can come in the form of an email, phone call or text message and, if successful, this technique could result in data breaches, identity fraud, services (e.g., scheduling patient visits, billing), and/or financial losses.

Here’s a real-life example reported to ISMIE:

A hacker impersonating a known vendor that the insured uses requested payment information updates. The impersonating hacker provided new routing information and a W-9 form. The unsuspecting insured updated the payment information without confirming or questioning and finds out a few months later that they had been paying the hacker – not the trusted vendor.

ISMIE can help guard against these types of attacks and offers a cybersecurity resource that outlines potential threats and ways policyholders can mitigate those risks.

If you experience a cyberattack or suspect your organization’s cybersecurity has been breached, ISMIE is here to help! Contact our Claims Division as soon as possible at 800-782-4767 x3510, or by email.