Exclusive first look at Coalition’s new cyber claims dataGet the 2024 Cyber Claims Report

Email Phishing & Business Email Compromise

Despite the best technological controls, organizations can still face disastrous cyber threats through phishing emails or business email compromise. Here’s how cyber insurance can help.

Coalition Passive-Phishing Hero

Anytime an organization receives an email from someone pretending to represent another person or entity, that organization may be a victim of a phishing attack. Phishing can lead to business email compromise (BEC) that opens the door to potential cyber crimes like funds transfer fraud and ransomware.

According to Cisco’s 2021 Cybersecurity Threat Trends report, phishing is the main cause of nearly 90% of all data breaches. Cyber insurance can help prevent losses from phishing and BEC.

Coalition Passive-Phishing Secondary
Attune About Background

Cyber insurance can help prevent losses from phishing and BEC. Contact Coalition to learn more

What is Email Phishing?

Email phishing is a type of social engineering attack where a threat actor tries to trick victims into sharing sensitive information. In some cases, scammers will ask users to voluntarily share things like account credentials and financial information. In others, the user will simply be prompted to click a link or download an attachment that they believe is legitimate.

Examples of Email Phishing

As organizations have become increasingly reliant on technology,  it comes as no surprise that phishing attacks are more widespread and more sophisticated with each passing day. While technologies have evolved rapidly, the human element has been slower to adapt — creating gaps that threat actors have found to be very lucrative to exploit through social engineering tactics. 

Standard phishing

In most common phishing attacks, a scammer will send an email that appears to come from a real person or a familiar source. Oftentimes, phishing attacks include a link that routes users to a website that looks exactly like a real company website. But this spoofed website usually asks users for sensitive information — like usernames and passwords, credit card information, and account numbers, personal data such as social security numbers, among other things. When the user fills out the form and submits information thinking it’s being sent to a real company, it’s routed to threat actors behind the phishing scam instead.

Business email compromise

Business email compromise happens when cybercriminals gain access to a legitimate business user’s account and uses it to launch a targeted attack. In many cases, threat actors are able to find sensitive information in a user’s email account — like login credentials, financial information, and other private data. Usually, business email compromise attacks involve hackers requesting urgent action — like remitting payment immediately through wire transfers, PayPal, or updating account credentials. In 2019, U.S. organizations collectively lost more than $1.7 billion due to these kinds of attacks, according to the FBI.

Malware phishing

Malware phishing occurs when a threat actor sends an email or sms/text message that includes a link that automatically downloads malware or ransomware on the individual’s device once it’s clicked. 46% of organizations that are victims of phishing attacks have experienced ransomware infections, and an additional 27% have been hit with malware attacks.


Spearphishing is the process of executing a highly targeted phishing attack on a specific individual — usually a member of the C-suite or another executive. While most run-of-the-mill phishing attacks are a numbers games — threat actors send phishing messages to many people, hoping one person is tricked. Threat actors perform due diligence and target specific individuals.

How to Identify Email Phishing

Phishing attacks come in many shapes and sizes. Some are more sophisticated than others, but all can have the same disastrous impact on your operations. While the following list is by no means complete, here are some tell-tale signs that might indicate the email you receive is an attempt at phishing:

  • A lack of personalization. If you receive an email that purports to be from an established vendor, but it’s not directly addressed to you — think “Dear Customer” or “Dear User” — it might be a sign of a phishing attempt since most leading brands use personalization in their email marketing efforts. On the other hand, phishing emails are often sent to as many people as possible at the same time, which makes a more generic greeting the default.

  • Typographical and grammatical errors. While no one is a flawless writer, most professional emails are well-written, edited, and largely free of typographical and grammatical errors. If you notice several errors in an email, it very well could be a phishing attempt.

  • Attachments. If a company emails you out of the blue asking you to download an attachment to gain access to your account, there’s a good chance it’s a phishing email that you shouldn’t engage with.

  • Unfamiliar domains. Sometimes, a phishing email will appear as though it comes from a verified sender only to fall apart under further scrutiny. For example, an email that purports to come from Fidelity might be sent from a near-name fake website like Fidelity.co instead of the company’s real webpage domain, Fidelity.com.

  • Requests for sensitive information. In virtually all instances, companies will not ask you to share bank account information, login credentials, credit card numbers, employee phone numbers or similar private information over email. Should you receive a message asking you to send sensitive data over email, it may very well be a phishing attempt — one that could lead to ransomware, wire transfer fraud, or identity theft. To avoid being duped by a bad actor, Coalition recommends implementing a “dual control” process that includes calling the requestor on a known number to validate their request and verifying the nature of the request with another executive at the company.

  • Sense of urgency. If an email message tells you that you need to do something immediately — like click a link to update your account credentials right this second — it may be a threat actors’ attempt at stealing your login information.

All this said, it’s important to remember that hackers’ tactics are always evolving. So, even if this section included every single sign that might indicate a phishing email, it’s only a matter of time before phishers adopt new methods. For this reason, it is critical to stay vigilant and always be on the lookout for suspicious emails.

How does Email Phishing happen?

Email phishing happens when threat actors decide to target organizations and individuals and convince them to click links, download malicious attachments, change login credentials, or share account information. Since the average business user sends and receives hundreds of emails a day, it’s easy for someone to engage with a fraudulent email without even realizing it.

Is Email Phishing Covered by Insurance?

As phishing attacks become increasingly common, more and more cyber insurance providers are adding coverage for these schemes to their policies. If you’re looking to protect your business’ digital footprint from threat actors — and protect your customers, too — you need to make sure that your cyber insurance policy includes coverage for phishing attacks.

How can you Prevent Email Phishing Attacks?

While businesses might not be able to eliminate email phishing attacks entirely, they can take proactive steps to drastically reduce the likelihood the organization is impacted by them. Some ways to prevent email phishing include using:

Network-based domain reputation filtering Is a service that prevents users from accessing known phishing sites even when they inadvertently click on malicious links, including those found in social media.

Anti-phishing software Which includes email filtering services and anti-malware products like Panda Adaptive Defense, Malwarebytes, and Sophos. These solutions automatically scan email sources, links, and attachments and alert companies when a Phishing attempt is detected.

Multi-factor authentication (MFA) Refers to a mechanism that ensures attackers can’t access employee accounts without also having an additional verification method (usually in the form of an authentication code). Even if they have the right login credentials, MFA adds another layer of protection making it harder for hackers to impersonate employees.

SPF, DKIM, and DMARC tools Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) enable businesses to prevent domain spoofing, guaranteeing that only authorized users are able to send emails from a company’s domain. Ensuring emails routing through company servers originate from trusted domains.

In addition to these tools, organizations can also reduce the chances they fall victim to a phishing campaign by regularly training their teams on what phishing attacks are, how they can proliferate into a full-scale cyber attack, and what to look for. While they’re at it, they can also teach employees the importance of password hygiene and what a strong password looks like. Additionally, companies can consider educating customers on what to look for in phishing attacks to reduce the chances they’re victimized by someone impersonating the organization.

How to Report Phishing Emails

If an organization has been on the receiving end of a phishing attack, they should mark the message as spam, block the sender’s email address from contacting anyone on their domain, and report the attack to their internal IT teams. According to the Federal Trade Commission, victims should forward suspected phishing emails to the Anti-Phishing Working Group and also report the attack to the Federal Trade Commission. Additionally, the company’s email provider likely offers tools that make it easy to report phishing attacks to them in just a few clicks.

How does Coalition protect Businesses from Email Phishing?

Coalition’s Active Insurance is designed to prevent phishing attacks before they occur. We do this by proactively leveraging cybersecurity tools and threat intelligence to keep policyholders safe before incidents happen. At the same time, we also offer coverage that protects businesses when these attacks occur, as well as guidance that helps minimize the impacts of these incidents.

If an organization is the victim of a phishing attack and they are Coalition policyholders, we will pay the costs associated with:

  • Creating a press release and a public-facing website that notifies the organization’s customers about potential phishing attacks.

  • Reimbursement for any loss that stems from a phishing attack.

  • Removing websites that are attempting to impersonate the organization.

Coalition’s effectiveness is guided by a three-pronged approach to Active Response, which offers robust protection before, during, and after incidents:

1. Security support center. Our one-of-a-kind, in-house technical support team ensures policyholders know the vulnerabilities and cyber risks they face — and the remediation options that are available to them should an attack occur.

2. Coalition Incident Response (CIR). When incidents occur, our staff — which includes incident responders, forensic specialists, and security engineers — responds right away, ensuring claims are dealt with swiftly. Policyholders have access to these folks 24/7 until the incident is resolved, which could mean the difference between a massive disruption or what ultimately amounts to a minor blip.

3. Claims. The Coalition claims team, staffed by privacy attorneys and legal experts, help clients recover quickly when disaster strikes. Whether you need to claw back lost funds, engage with vendors and law enforcement, cover breach costs, or even respond to cyber extortion demands, our claims team is just a phone call or email away, standing by to make the process as efficient and cost-effective as possible.

Attune About Background

Brokers, if you're interested in offering Coalition cyber insurance to your clients, click below to get appointed. If you have questions about your organization's cyber risk score, try our Cyber Risk Assessment — it's completely free.

2023 Cyber Claims Report