Arizona’s Department of Insurance (AZDOI) has sent an email to all insurers operating in the state which warns them of an ongoing phishing scam.
The regulator has warned that email messages falsely claiming to be from the National Association of Insurance Commissioners (NAIC) are being sent to insurance professionals. The emails claim that the NAIC had received a complaint against the professional for submitting a falsified claim, and has a link to the complaint notification. The email may look official since it prominently displays the NAIC and CIPR logos, but once the suspicious link is clicked it downloads a trojan virus.
Citing information from the actual NAIC and the Arizona Department of Administration Security Operations Center (AZSOC), AZDOI noted that the virus has been identified as Lime RAT, a remote access trojan. Lime RAT can be used to perform malicious actions on the affected computer, such as installing ransomware.
AZDOI also shared that the phishing email originally targeted insurance producers in Wisconsin, but has now spread to Illinois, Minnesota, and Washington.
The insurance regulator urged all insurance producers – even those not operating in the state – to be wary of suspicious emails. AZDOI also offered a reminder that the email address “email@example.com” is not a valid NAIC address.