Recent Social Engineering Attacks Target Insurance Companies

Three incidents this month signal a current attempt to disrupt the insurance ecosystem through social engineering.
Doppel Team
June 25, 2025

The insurance industry, long deemed a secure vault for sensitive personal and health data, is now unfortunately facing a surge of cyberattacks rooted in social engineering. Rather than technical vulnerabilities, these assaults exploit human trust through phone calls, phishing, and impersonations.

Prime examples of this trend were three attacks on U.S. insurance companies in June 2025 alone, where hackers used deceptive tactics to infiltrate networks and extract customer records.

Insurance Cyberattacks: A Case Study in Social Engineering

Earlier this month, three major U.S. insurance providers serving millions of policyholders detected suspicious activity on their networks. The breaches were contained within hours, and fortunately no ransomware was deployed.

Official statements noted that the attackers used social engineering tactics, manipulating employees to gain system access. Potentially compromised data includes Social Security numbers, health and claims data, and personal information of customers, agents, and employees.

In response to the breaches, the companies have offered impacted customers credit monitoring and identity protection services. The rapid detection and containment by these enterprises are commendable. At the same time, the human deception vector highlights an alarming vulnerability: social engineering is now a principal method of cyberattack.

These incidents suggest a concerted assault on the insurance ecosystem in June 2025: a coordinated effort, carried out primarily through social engineering of insurance companies, to exploit similar human-centric failure points across organizations.

Social Engineering: A Rising Threat to Insurance

A single attack group has emerged as a dominant threat actor in the insurance space. Google’s Threat Intelligence Group (GTIG) has issued alerts noting multiple intrusions into U.S. insurance firms that follow the same social engineering playbook seen in this threat actor’s prior retail-centric campaigns.

Key characteristics of their method include:

  • Pretexted Help-Desk Calls: Hackers impersonate internal help-desk staff to extract credentials.
  • Targeted Social Engineering: They specifically hit external-facing support lines like call centers — high-trust roles ripe for manipulation.
  • Sector-Specific Pivoting: After campaigns against retail, this threat group has pivoted firmly into the insurance industry, exploiting repeatable patterns and institutional vulnerabilities.

Experts warn that insurance companies are attractive due to their data wealth, combining private health, identity, and financial records, and their reliance on large, sometimes loosely managed remote-service infrastructures.

A Global Trend: Social Engineering Beyond U.S. Insurance

While the recent wave targets U.S. insurers, social engineering has long been used globally within the sector. In a well-documented 2024 scam in India, fraudsters posed as Insurance Regulatory Development Authority staff on WhatsApp voice calls and deceived a retired man into transferring the equivalent of $290k U.S., citing fake recovery assistance. The scheme relied on trust and impersonation: textbook social engineering.

On a broader scale, companies worldwide face common threats:

  • Phishing emails targeting agents or executives for credential harvesting.
  • Mobile texting to gain access to internal tools.
  • Fake portals mimicking login screens to trick employees and customers.
  • Insider deception, where adversaries manipulate staff to bypass MFA or network checks.

Lessons Learned & Best Practices

  1. Employee awareness is critical: Regular training must include realistic role-play scenarios (e.g., simulated calls from IT support).
  2. Verify all requests: Unexpected requests, especially over the phone (e.g., ‘executives’ requesting access or funds), should be validated via separate, official channels (e.g., VPN-enabled tickets).
  3. Harden external-facing contacts: Help desks and call centers should follow strict verification protocols before granting access or resetting credentials.
  4. Segmentation + MFA: Even if credentials are compromised, network segmentation and strong multi-factor authentication should limit lateral movement.
  5. Rapid detection and response: Teams that identify and halt breaches in hours are a model for incident response initiatives.
  6. Post-attack care: Organizations holding the affected data must offer those impacted ongoing support like credit protection and theft coverage.

The Future of Social Engineering in Insurance

  • Education vs. automation: As phishing and pretexting become more human-focused, cyber insurance firms must train employees as vigilantly as they update technical systems.
  • AI-driven attacks: Emerging threats may combine generative AI (e.g., WormGPT) with deepfaked voices to create even more convincing deception.
  • Regulatory pressure: Legislators may impose stricter liability on firms for failure to protect client data, a shift reminiscent of mandates following the Anthem (2015) breach.
  • Collaborative sharing: Security communities—insurers, government agencies, and intelligence firms—should share indicators quickly to thwart campaigns before contagion spreads.

New Tech Needed to Fight Social Engineering

Social engineering is no longer abstract; it's a clear priority threat. The recent attacks are further proof of just how easily human trust can be weaponized and staff-level vulnerabilities exploited.

These events aren't mere anomalies; they are the early signals of a broader campaign aimed at the human gatekeepers of sensitive data. To safeguard the industry's future, enterprise companies must evolve beyond legacy security tech and protect their people.

Doppel was built to protect brands, executives, and consumers from social engineering attacks, and leading companies trust Doppel to prevent social engineering at scale.
