Spotting Fake Carrier Emails

Learn to identify phishing emails disguised as insurance carrier communications.

Why This Matters

Insurance agencies are prime targets for phishing. Attackers impersonate carriers like Travelers, Hartford, and Progressive because agents open those emails reflexively. A single click can expose client data, commission payments, or agency credentials.

What a Fake Carrier Email Looks Like

From: payments@travelers-billing.com

Action Required: Update ACH Payment Information

Dear Agent,

Our records indicate that the ACH payment information on file for Agency Code 06121 needs to be updated. Please verify your banking details using our secure portal:

https://travelers-billing.com/update-ach

Failure to update within 5 business days may result in delayed commission payments.

        Red flag: The real Travelers domain is travelers.com, not "travelers-billing.com". Carriers never ask you to update banking info via email link.
      

5 Signs of a Fake Carrier Email

Wrong domain — Check the exact sender domain. "travelers-billing.com" is not "travelers.com".
Urgency or threats — "Failure to update may result in delayed payments" pressures you to act fast.
Unexpected request — You weren't expecting an ACH update. Real changes go through your agency manager.
Generic greeting — "Dear Agent" instead of your actual name or agency name.
Suspicious links — Hover over links. If the URL domain doesn't match the carrier's real website, don't click.

Real vs. Fake Domains

✓ travelers.com ✗ travelers-billing.com

✓ thehartford.com ✗ hartford-claims.net

✓ progressive.com ✗ progressive-agency.com

✓ docusign.com ✗ docusign-secure.net

What to Do

Don't click any links in the email.
Verify by calling the carrier at a phone number from your agency portal or their real website.
Report the email to your supervisor.
Delete the email after reporting.

Return to Dashboard