
Warns Current Attack is Targeting Insurance Producers
The Massachusetts Division of Insurance (DOI) issued an urgent notice on April 1, 2025, warning licensees about ongoing phishing attacks. These sophisticated scams impersonate the DOI and threaten license revocation to trick insurance producers into revealing sensitive information.
How These Attacks Work
Malicious actors are sending fraudulent emails that:
- Display DOI letterhead or the Massachusetts State Seal
- Include accurate license information to appear legitimate
- Direct recipients to click suspicious links that claim to “verify” license information
- Threaten immediate license revocation if recipients don’t comply
- May contain convincing but slightly altered email addresses and website URLs
Identifying Legitimate DOI Communications
The Massachusetts DOI provides these verification guidelines:
- Official Letterhead: Valid emails display the letterhead shown at the top of the official notice
- Correct Sender: Legitimate emails come “From the NAIC on behalf of the Massachusetts Division of Insurance sbs@naic.org”
- Proper Links: Valid DOI links direct to:
  - https://www.mass.gov/orgs/division-of-insurance (DOI homepage)
  - www.nipr.com (for license applications and address changes)
  - https://sbs.naic.org/solar-external-lookup/ (for viewing license information)
  - https://sbs.naic.org/solar-external-lookup/license-manager (for printing licenses or education transcripts)
The Dangers of Phishing and Social Engineering
These attacks pose significant threats beyond inconvenience:
- Identity Theft: Stolen credentials can lead to fraudulent accounts and financial loss
- Business Compromise: Attackers may gain access to client information, creating liability issues
- Ransomware Installation: Clicking malicious links can install software that encrypts your systems until a ransom is paid
- Regulatory Consequences: Data breaches involving client information may trigger reporting requirements and penalties
- Reputational Damage: Compromised systems can damage client trust and professional relationships
Effective Prevention Strategies
Protect yourself and your business with these practices:
- Verify Before Acting: Contact the DOI directly at 617-521-7794 (option 3) whenever you receive suspicious communications
- Check Email Headers: Examine the full sender email address, not just the display name
- Hover Before Clicking: Place your cursor over links to preview the actual destination URL before clicking
- Use Bookmarks: Access official websites through your own bookmarks rather than email links
- Enable Multi-Factor Authentication: Add an extra security layer to your accounts where available
- Keep Systems Updated: Maintain current security patches on all devices
- Train Staff: Ensure everyone in your organization understands phishing warning signs
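For agencies that want to automate the sender and link checks above, the following Python sketch compares a message's actual From address and link hosts with the values in the DOI guidance. It is an added example, not part of the DOI notice; the function name, the sample messages and the assumption that your own mail server records a DMARC result in an Authentication-Results header are illustrative.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Sender and link hosts as listed in the DOI guidance quoted on this page.
EXPECTED_SENDER = "sbs@naic.org"
ALLOWED_HOSTS = {"www.mass.gov", "www.nipr.com", "sbs.naic.org"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def check_message(raw):
    """Return findings for one raw RFC 5322 message; an empty list means no mismatch."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # Compare the real address, not the display name a mail client shows by default.
    display, addr = parseaddr(str(msg["From"] or ""))
    if addr.lower() != EXPECTED_SENDER:
        findings.append(f"sender {addr!r} (shown as {display!r}) is not {EXPECTED_SENDER}")
    # From is spoofable: also require dmarc=pass stamped by your own MX (assumed, RFC 8601).
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    if not re.search(r"\bdmarc=pass\b", auth, re.I):
        findings.append("no dmarc=pass in Authentication-Results")
    body = msg.get_body(preferencelist=("html", "plain"))
    for url in URL_RE.findall(body.get_content() if body else ""):
        # Exact host match: rejects look-alike suffixes and user@host tricks.
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host not in ALLOWED_HOSTS:
            findings.append(f"link host {host!r} is not on the DOI list: {url}")
    return findings

# Constructed sample messages (not real mail); .example hosts are placeholders.
LEGIT = """\
From: "NAIC on behalf of the Massachusetts Division of Insurance" <sbs@naic.org>
Authentication-Results: mx.agency.example; dmarc=pass header.from=naic.org
Content-Type: text/plain

View your license: https://sbs.naic.org/solar-external-lookup/
"""
PHISH = """\
From: "Massachusetts Division of Insurance" <sbs@naic-org.example>
Content-Type: text/plain

Verify now: https://sbs.naic.org.verify-license.example/solar-external-lookup/
DOI homepage: https://www.mass.gov/orgs/division-of-insurance
"""

if __name__ == "__main__":
    print(check_message(LEGIT), check_message(PHISH), sep="\n")
```

A clean result only means the message matches the published sender and hosts; when in doubt, the phone verification step above still applies.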
If you suspect you’ve received a phishing email claiming to be from the Massachusetts DOI, report it immediately to the Producer Licensing Unit at 617-521-7794 option 3.