Claim settlement process change
New ways are consistently developed by hackers to access accounts and compromise sensitive information. There have been increases in email interception leading to claims being settled into fraudulent bank accounts unbeknown to the policyholder. The ever-changing and potentially threatening digital landscape, has led MUA to review the claims settlement process to minimise falling prey to hackers and to take the right measures to keep our policyholders from being victims of email interception fraud. All claim payments will be affected to the account from which premium is debited (monthly policies). In instances where the broker collects premium or annual policies, the process will be to obtain the banking details from the broker directly or the policyholder via the broker, whichever is relevant. Banking detail verification processes are in place.
There are several ways that email interception can take place. One common method is for an attacker to gain access to an email server and read or modify the emails stored on that server. Another possibility is for an attacker to intercept emails in transit, between the sender and receiver (called man-in-the-middle attack). In this type of attack, the attacker inserts himself into the communication between the sender and receiver and then read or modify the messages being exchanged. Hackers will use cleverly disguised phishing and spoofing scans to compromise email passwords of mail accounts. Once the login credentials have been stolen, they will create malicious forwarders and filters with the intention of intercepting sensitive emails, particularly messages that contain financial information such as invoices, payment requests, banking details, etc. Threat actors will then monitor these mailboxes until opportunity strikes. An example of this would be an email where an insurer requests the banking details from the policyholder for claims settlement.
The attacker will intercept these messages and hide them before the policyholder is able to see it. The attacker will respond to the intercepted email using the compromised email account or they may use a spoofing method (when an attacker uses another domain and uses the “stolen” email address as the sender to make it look like the message came from the original email account after changing the banking details.) The recipient of the email with changed banking details is unaware of this and will make the payment, effectively transferring the money into the fraudulent bank account.
Here are some tips for minimising risks on an individual level:
- Use different passwords for all the other email accounts relating to the domain.
- Reset and have new passwords for all email accounts.
- Regularly update your password.
- Use complex, secure passwords.
- Run security scans on any personal computers or other devices with access to the email accounts.
- Use an SSL certificate in your email client settings.
- Periodically monitor filters and forwarders in the control panel, this includes individual email account filters as well as global filters.