Scattered Spider, a teenage-led (mainly UK and US-based) hacking group has begun targeting insurance companies, sparking fresh warnings from cyber security experts.

Google’s Threat Intelligence Group (GTIG) confirmed multiple US insurance firms have recently suffered attacks matching the group’s methods. Known for breaching major retailers like M&S and Tiffany, the group uses tactics such as phishing, SIM-swapping, and MFA fatigue to bypass identity checks and helpdesk protocols.

Two incidents in early June, affecting Philadelphia Insurance and Erie Insurance, show the threat is real and growing. GTIG warned that the group tends to focus on one sector at a time, and insurance firms are now clearly in its sights. Experts believe UK providers could be next.

Unlike ransomware gangs, Scattered Spider relies on social engineering to move fast and exploit human error. “They don’t need advanced exploits,” said Jon Abbott, CEO of ThreatAware. “They get in by tricking people – not by breaking software.”

To stay safe, insurers and other businesses should strengthen helpdesk verification, use phishing-resistant MFA, and monitor for unusual login activity. Above all, building a culture of security awareness is essential to stop attackers in their tracks.