Division of Insurance Issues Warning Regarding New Phishing Scam

Warns Current Attack is Targeting Insurance Producers

The Massachusetts Division of Insurance (DOI) issued an urgent notice on April 1, 2025, warning licensees about ongoing phishing attacks. These sophisticated scams impersonate the DOI and threaten license revocation to trick insurance producers into revealing sensitive information.

How These Attacks Work

Malicious actors are sending fraudulent emails that:

Display DOI letterhead or the Massachusetts State Seal

Include accurate license information to appear legitimate

Direct recipients to click suspicious links that claim to “verify” license information

Threaten immediate license revocation if recipients don’t comply

May contain convincing but slightly altered email addresses and website URLs

Identifying Legitimate DOI Communications

The Massachusetts DOI provides these verification guidelines:

Official Letterhead: Valid emails display the letterhead shown at the top of the official notice

Correct Sender: Legitimate emails come “From the NAIC on behalf of the Massachusetts Division of Insurance sbs@naic.org”

Proper Links: Valid DOI links direct to:

The Dangers of Phishing and Social Engineering

These attacks pose significant threats beyond inconvenience:

Identity Theft: Stolen credentials can lead to fraudulent accounts and financial loss

Business Compromise: Attackers may gain access to client information, creating liability issues

Ransomware Installation: Clicking malicious links can install software that encrypts your systems until payment is made

Regulatory Consequences: Data breaches involving client information may trigger reporting requirements and penalties

Reputational Damage: Compromised systems can damage client trust and professional relationships

Effective Prevention Strategies

Protect yourself and your business with these practices:

Verify Before Acting: Contact the DOI directly at 617-521-7794 (option 3) whenever you receive suspicious communications

Check Email Headers: Examine the full sender email address, not just the display name

Hover Before Clicking: Place your cursor over links to preview the actual destination URL before clicking

Use Bookmarks: Access official websites through your own bookmarks rather than email links

Enable Multi-Factor Authentication: Add an extra security layer to your accounts where available

Keep Systems Updated: Maintain current security patches on all devices

Train Staff: Ensure everyone in your organization understands phishing warning signs

If you suspect you’ve received a phishing email claiming to be from the Massachusetts DOI, report it immediately to the Producer Licensing Unit at 617-521-7794 option 3.
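
The "Check Email Headers" advice above, as an added example that is not part of the DOI notice or this article: a Python check that classifies a message by the actual address in its From header, rather than its display name, against the sender the notice names. The function names, the sample headers and the look-alike domains in them are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Sender the DOI notice names as legitimate (taken from this page).
EXPECTED_ADDR = "sbs@naic.org"
EXPECTED_DOMAIN = EXPECTED_ADDR.split("@")[1]

def edit_distance(a, b):
    """Levenshtein distance, used to spot slightly altered domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Classify a message by its From address, ignoring what the display name claims."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    addr, display = addr.lower(), display.lower()
    domain = addr.rpartition("@")[2]
    if addr == EXPECTED_ADDR:
        # Necessary, not sufficient: From can be forged, so still confirm by phone.
        return "address-matches"
    if domain and (edit_distance(domain, EXPECTED_DOMAIN) <= 2 or EXPECTED_DOMAIN in domain):
        return "lookalike"          # near-miss spelling, or the real name embedded in another domain
    if "division of insurance" in display or "naic" in display:
        return "display-name-only"  # name claims DOI/NAIC, address does not
    return "unrelated"

# Constructed sample headers (not real messages).
SAMPLES = {
    "real": 'From: "NAIC on behalf of the Massachusetts Division of Insurance" <sbs@naic.org>\n\nbody',
    "typo": 'From: "Massachusetts Division of Insurance" <sbs@na1c.org>\n\nbody',
    "embedded": 'From: "MA DOI" <sbs@naic.org.example.com>\n\nbody',
    "name_only": 'From: "Massachusetts Division of Insurance" <licensing@example.net>\n\nbody',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_sender(raw))
```

The edit-distance threshold of 2 is a heuristic and can flag unrelated short domains; treat a "lookalike" result as a prompt to verify with the DOI, not as proof.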