By Rafael Pelaez, Chief Information Security Officer, Pan-American Life Insurance Group

Eastimated read time: 4 minutes, 21 seconds

Cybersecurity has always been important, but now, it’s an urgent priority. We are all conducting more business online now—and, by no small coincidence, so are cybercriminals.

At PALIG, we’ve escalated our cybersecurity practices and will continue to do so. Because you interact directly with current and future policyholders on a daily basis, agents and brokers also play a critical role in protecting our mutual clients’ personal information.

Increasingly-common cybercrimes include online impersonations, social network fraud, cyberbullying, cyber extortion, identity theft, and unauthorized access to institutional systems.

Some of the main threats that we are seeing today are Ransomware and theft of sensitive data, including protected health information (PHI) and personally identifiable information (PII).

In order to achieve this, bad actors tend to exploit the weakest link, people, and therefore they tend to employ social engineering techniques, including phishing (email), vishing (phone call), and smishing (text) scams 

As we all undertake our ongoing digital transformation, cybercriminals are developing new methods of attack, many times trying to exploit vulnerabilities in updated processes or cloud environments. Needless to say, it’s important for all of us to stay up-to-date.

In addition to communication initiatives that we offer to PALIG colleagues, we are launching a cybersecurity blog series designed for you, our agents and brokers. We will periodically update you regarding the threats that we are seeing and, just as importantly, provide you with strategies for reducing your risk profile.  

For our first blog in this series, we have chosen to tackle email phishing scams. Our Information  Security team has determined that phishing is one of the attack vectors that you are most likely to encounter while conducting business online. Unfortunately, phishing scams are becoming more sophisticated and convincing by the day. Don’t be a victim—be vigilant and ready.

Phishing Scams Have Become More Dangerous

Not too long ago, phishing emails were relatively easy to spot due to their poor grammar and spelling, as well as their odd content. However, these days, some phishing emails look dangerously authentic. They may look professional and may appear to be related to some of your legitimate business activities. 

In a nutshell, phishers use proven social engineering tactics to trick you into opening an attachment or clicking on a link. Once you do so, the cybercriminals often download a malicious file onto your PC or system, or otherwise access your credentials.

How to Identify Phishing Emails

The best way to thwart phishing attempts is to combine strong technical controls (like anti-malware and antivirus software) with intentional behavioral changes. As a rule of thumb, assume all outside emails are suspicious, especially from unknown sources.

Never accept such emails at face value. Examine them carefully for their appearance and their content. In addition:

• Keep your emotions under control. Phishers deliberately try to elicit fear and curiosity to compel their victims to open attachments or click a bad link.
• Look for grammar errors, typos, inconsistent capitalization, etc. 
• Pay close attention to the sender’s domain name. Phishers sometimes modify or shorten a trusted domain name slightly, so it appears legitimate at a quick glance.
• Examine embedded links by HOVERING (not clicking) your mouse over the hyperlinks. This may reveal the true URL. If you question a link but aren’t sure, do not click it. Instead, contact the sender separately and verify its legitimacy.