It has come to our attention that a small number of our clients have recently suffered from unauthorised access and manipulation of their email accounts (email hacking).
Unauthorised email hackers have been able to review recent emails that our clients have received from legitimate companies, including Marsh Commercial, and then used this information to create similar accounts that have then been used to confuse or influence the client.
Our IT specialists have confirmed that on these occasions it has been the client’s email that has been hacked and not Marsh Commercial. The hacker has not accessed Marsh Commercial email accounts but creates a dummy email address that appears as though the email derives from Marsh Commercial.
In the examples provided by our clients, a fraudulent invoice was created and was positioned as if from Marsh Commercial. The changes made to create a similar account to ours were minor and included an amendment to our web address: marshcommercial.co.uk to marshcommercials.co.uk. In an attempt to authenticate the email the hacker also included a Marsh Commercial colleague’s signature on the email but amended the contact details.
Please note: the fraudulent invoice included payment details for an individual’s bank account. At Marsh Commercial we never ask clients to pay to an individual’s bank account. It would always be the company bank account details that are provided alongside your policy information.
Please take the following precautionary actions:
- Be vigilant and look out for: emails requesting payment to individual accounts and always check the email address matches that of your account executive.
- If you’re unsure about making a payment please make sure you speak to your account executive before doing so.
- Make sure you have a sophisticated password to protect your personal email account.
If you have any concerns regarding emails you may have received please contact your Marsh Commercial account executive.