OSINT FOR INSURANCE FIRMS: A BEGINNER'S GUIDE

INTRODUCTION

Open-source intelligence, or OSINT, is derived from publicly available data collected and analysed to meet specific needs. It is a valuable tool in many sectors, including insurance, because it provides rapid and cost-effective access to critical insights. As a result, OSINT and its associated intelligence disciplines have the potential to generate significant benefits for insurance companies, given increased data volumes, more significant regulatory challenges, and more complex fraud schemes. This article looks at OSINT's uses within the insurance industry, why it should become integral to modern operations, and how it can help protect insurers from fraud and other material risks.

THE GROWING THREAT OF INSURANCE FRAUD

Insurance companies, which were not considered a significant target for financial fraud earlier, now stand in the same queue as banks[i]. This multibillion-dollar problem drives up customer premiums and amplifies insurers' risks. OSINT offers a potent, cost-effective solution that lets insurers enhance their fraud detection and risk management through better decision-making at lower costs.

Fraudsters manipulate policy terms, submit false claims, and employ other tactics that require actionable intelligence for insurers to manage risk. As fraud tactics evolve, insurers must continuously enhance their risk management frameworks.

OSINT is, therefore, essential in detecting and investigating insurance fraud. It reduces resource demand, particularly in complex cases, and saves time and cost. If used appropriately, OSINT can be one of the most potent weapons for spotting suspicious activity and improving fraud prevention.

For example, fraudsters may create fake employment histories or conceal their illegal activities or health conditions to fulfil the underwriters' requirements, thus obtaining insurance coverage based on incomplete or inaccurate information. If left unchecked, this will raise risk and costs for insurers.

However, OSINT and its other subsets, such as social media intelligence (SOCMINT), can help identify discrepancies and inconsistencies and better inform insurers' risk management decisions.

A well-publicised case gives a good example: A claimant, in a personal injury case, sought damages for injuries related to a car accident, claiming that she was unable to work for five years and could not even play with her children. She was denied compensation after investigators found photos of her winning a Christmas tree-throwing contest in a national newspaper, next to video footage of her training her dogs in full activity. SOCMINT tools can be deployed in similar contexts to analyse social media activity, flag red flags, and detect suspicious behaviour[ii].

Besides analysing social media, OSINT allows document verification through public records, databases, and other open sources. This capability will enable insurers to check the authenticity of submitted documentation either during claims or underwriting and identify attempts at fraud much earlier.

OSINT IN ACTION

While diverse in approach, insurance claims fraud falls primarily into one of two groups[iv]:

• Opportunistic. These are fraudulent claims that people submit due to a particular unplanned situation. For example, individuals might exaggerate the extent of their injury or damages to an insured asset resulting from an accident or natural disaster.

• Premeditated. These false claims are well-planned and can be carried out by individuals or organised criminal groups. For example, it can involve staging an accident or a person falsifying that their car has been stolen after having sold it secretly to an associate. Organised criminal groups may conspire with businesses to falsely claim undeclared sales as thefts.

Fraud Detection

Indeed, in practice, OSINT has found one of the most pronounced applications in finding insurance fraud at a time when a person applies for or has received certain disability benefits when it could be proved to be false as per his social media updates, including pictures of himself skiing down a mountain and taking part in some gymnastics activity[v].

Staged Accident Network Detection

A staged car accident involved multiple parties colluding to file fraudulent claims. OSINT tools like Fivecast ONYX identified connections between the individuals involved by analysing their social media interactions and links to the same repair shop. This evidence demonstrated pre-existing relationships among the parties, invalidating their claims[vi].

Business Risk Assessment

An OSINT investigation into a manufacturing company applying for liability insurance revealed multiple lawsuits filed for environmental violations. This allowed the insurer to revise policy terms to mitigate any potential losses.

High-Value Policy Fraud Prevention

In 2024, ZenziSure Insurance used OSINT techniques to investigate a client applying for a $5M life insurance policy. The investigation uncovered inconsistencies in the client’s employment and financial history, preventing the issuance of a potentially fraudulent policy[vii].

PRACTICAL APPLICATIONS OF OSINT IN INSURANCE BEYOND FRAUD

OSINT can be an extremely valuable tool. While it is regularly associated with fraud detection and investigation, its applications extend far beyond this single-use case for insurers.

Underwriting and Risk Assessment

Insurance companies must carefully assess risks before issuing policies. Underwriting is a crucial process used to determine and categorise risks undertaken by insurers. The primary goal is to evaluate policyholders' risk levels to determine appropriate premiums that sufficiently cover potential claims. The more information an underwriter can access, the more accurate and efficient their assessment will be. By leveraging OSINT techniques, underwriters can gather valuable information that might be unavailable, enhancing risk evaluation and decision-making.

For instance, OSINT may investigate an applicant's personal and corporate information through open sources, such as a person's previous reckless conduct, criminal history, or scandals involving a business seeking shelter. Other areas in which OSINT may help underwriters to make better decisions include:

Property and real estate insurance.

• SOCMINT could help assess a property's status or show local hazards like flood zones, wildfires, and landslides. It will also be able to capture data from local support groups for flood victims or social posts concerning for example, renovations or re-roofing.

Health and life insurance.

• Applicant health or lifestyle data can be checked and used during underwriting. For example, frequent social media posts about triathlon finishes could validate an applicant's claim of a healthy lifestyle. Posts depicting unhealthy behaviours could raise red flags.

Commercial insurance.

• OSINT tools and techniques allow the identification of business-related red flags in risk assessment and underwriting policies. For example, analysing news reports for adverse media reports allows underwriters to examine regulatory filings or court records about public reviews of past lawsuits to determine what kind of risk the customer presents.

Claims Management

OSINT tools can corroborate statements provided by claimants and help verify the circumstances of an incident, such as a car accident or workplace injury. Social media posts, news reports, and publicly available video or camera footage can also identify discrepancies between a claimant’s statements and publicly available information, ensuring that payouts are fair and accurate while helping to detect loss exaggeration.

This makes such integration of OSINT and imagery intelligence (IMINT) valuable in political violence insurance claims, especially those from hard-to-reach countries where on-the-ground verification cannot be availed. OSINT aids insurers in collating information from news reports, social media, and local sources, providing context to riots, uprisings, or armed conflicts. IMINT provides the required visual evidence through satellite and aerial imagery confirming property damage, armed groups' movement, or infrastructure destruction. Insurers can cross-check claims against verifiable data, establish more factual timelines of incidents, and grant fair compensation by integrating such intelligence sources in politically unstable regions.

Disaster Response and Catastrophe Modelling

In real time, OSINT ensures improved disaster response and catastrophe modelling and enhances damage assessments, risk predictions, and resource allocations. Rapid and highly accurate evaluation of the affected areas can be made; exposure models can be fine-tuned using satellite imagery, geospatial analysis, meteorological data, and public reports from insurers and emergency responders. It differs from traditional approaches in speed, filling gaps in existing models, and ensuring effective and truly data-driven natural disaster responses.

Asset Tracing and Recovery

OSINT can help insurers locate and recover stolen or hidden assets. Using open-source data, investigators can trace vehicles, luxury goods, or other insured items by analysing online marketplaces, auction sites, and social media where they may be sold. OSINT, such as geotags on photographs, public records, ownership forums and online communities for owners of luxury goods, vehicles or other assets, and dark web marketplaces[viii] can be monitored and alerts generated when items of interest are identified, reducing the cost and often, the time involved in such an investigation.

Investigating Third-Party Vendors

Many insurance companies rely on specialist third-party contractors or repair firms during claim settlement. Performing due diligence on such business partners is essential to access proper and reputable services. Open-source intelligence methods might reveal some warning signals regarding third-party vendors involved in fraud scandals, lousy customer feedback, or court cases in the past.

Generating Richer Customer Insights

As the insurance sector gets more competitive, like any other sector, retaining and identifying more customers is critical to success[ix]. This is where OSINT can add significant value when integrated with existing customer profiling processes. Examples include:

• Customer profiling.

SOCMINT tools can analyse data from social media posts, online reviews, and user communities to help enrich existing customer profiles and tailor products and offers in a customer-centric manner.

• Sentiment analysis.

OSINT can help insurers identify areas of customer concern by analysing customer sentiment on social media and review platforms and proactively addressing any issues before they escalate.

Public behaviour trend analysis.

The early identification of emerging trends in customer behaviour can create a commercial advantage for insurers, enabling them to respond quickly to customers' needs. For example, OSINT techniques could help identify an increase in public interest in environmentally friendly products through analysis of discussions in social media posts, user forums, and interest groups.

Compliance and Anti-Money Laundering

OSINT can also help insurers remain compliant with regulatory requirements by identifying money laundering activities, suspicious financial patterns, or breaches of compliance standards.

For example, OSINT can help verify the public information of new customers during onboarding, and publicly available watchlists such as the Office of Foreign Assets Control (OFAC) Sanctions List[x] can be queried as part of the name screening process.

A range of open sources, such as analysing public records and company filings, news reports, and civil court judgements, can also inform the source of wealth and funds checks.

DEVELOPING AN OSINT FRAMEWORK FOR INSURANCE

To effectively implement OSINT in insurance operations, companies should follow a structured framework:

• Establish policies, procedures, processes and best practices for using OSINT and other intelligence disciplines.

• Define clear objectives and scope for OSINT investigations[xi].

• Utilise various OSINT tools to gather relevant information from public sources[xii].

• Clean and organise collected data for analysis.

• Apply analytical techniques to identify patterns, trends, and insights.

• Share findings with relevant stakeholders in a clear, actionable format.

• Continuously refine the OSINT process based on outcomes and new requirements.

Best Practices

• Rely on a range of OSINT tools and sources to ensure comprehensive coverage.

• Cross-reference data from multiple sources to ensure accuracy.

• Keep abreast of new OSINT techniques and tools to maintain effectiveness[xiii].

• Adhere to legal and ethical guidelines in all OSINT activities.

• Ensure staff are well-trained in OSINT techniques and tools.

Ethical and Legal Considerations

While OSINT offers many benefits, insurance firms must use it responsibly. Investigations must comply with privacy laws and ethical guidelines:

• Ensure OSINT activities adhere to the General Data Protection Regulation (GDPR)[xiv], the Health Insurance Portability and Accountability Act (HIPAA)[xv], and other applicable data protection regulations.

• Cross-verify public information obtained through OSINT to avoid reliance on misleading or outdated data.

• OSINT investigations should respect privacy laws, avoiding unauthorised access to private accounts or violations of platform policies.

CONCLUSION

Therefore, OSINT helps insurance companies derive data-driven insights, integrate them into risk assessment and underwriting, and detect fraud to derive significant operational benefits. Applications of OSINT in the insurance sector will increase manifold with a growing quantum of public data and the innovation of newer and more innovative technologies.

But overall, it is a competitive advantage, compliance with regulations, improvement in customer experience, and insurer leeway to adapt to a new emerging landscape that strongly justifies the integration of ethics into OSINT in corporate business processes[xvi]. Prudent applications of OSINT improve productivity, reduce fraud, and heighten risk assessments.

Insurance companies that can effectively harness OSINT gain a significant advantage with stakeholders and customers. With minimal risk, proper controls and policies, and complete training, OSINT is an excellent addition to the toolkit of the responsible insurer committed to its ethical and appropriate use.

Authored by: The Coalition of Cyber Investigators with contributions from guest author Ryan Kyle, a former Royal Marine and military intelligence officer and founder of KISS (Kyle Intelligence and Security Services).

© 2025 The Coalition of Cyber Investigators. All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator; and

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader.

With over 80 years of combined hands-on experience, Paul and Neal remain actively engaged in their field.

They established the Coalition to provide a platform to collaborate and share their expertise and analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. Recognising that this convergence has created grey areas around critical topics, including the admissibility of evidence, process integrity, ethics, contextual analysis and validation, the coalition is Paul and Neal’s way of contributing to a discussion that is essential if the unresolved issues around OSINT derived evidence are to be addressed effectively. Please feel free to share this article and contribute your views.

[i] PwC. (n.d.). Financial crime in the insurance industry. PwC. https://www.pwc.com/gx/en/industries/financial-services/publications/financial-crime-in-the-insurance-industry.html (Accessed 31 January 2025)

[ii] Ambrose, T. (2024, February 26). Woman loses £650,000 injury claim after being seen tossing Christmas tree. The Guardian. https://www.theguardian.com/world/2024/feb/25/kamila-grabska-woman-loses-650000-injury-claim-after-being-seen-tossing-christmas-tree (Accessed 31 January 2025)

[iii] Rodriguez, C., & Rodriguez, C. (2024, June 4). Open Source Intelligence (OSINT) – Transforming insurance claims - Ethos risk. Ethos Risk - Now You Know For Sure. https://ethosrisk.com/blog/open-source-intelligence-osint-is-transforming-insurance-claims/ (Accessed 31 January 2025)

[iv] Specialist, F. T. (2024, November 15). Using OSINT to detect and counter insurance fraud. Fivecast. https://www.fivecast.com/blog/using-osint-to-detect-and-counter-insurance-fraud/ (Accessed 31 January 2025)

[v] Netwach Global. (2024, April 2). Insurers that embrace OSINT throughout the policy lifecycle stand to reap the rewards through a less risky book of business - Netwatch Global. Netwatch Global. https://www.netwatchglobal.com/blogs/embrace-osint-to-reap-the-rewards/ (Accessed 31 January 2025)

[vi] Specialist, F. T. (2024b, November 15). Using OSINT to detect and counter insurance fraud. Fivecast. https://www.fivecast.com/blog/using-osint-to-detect-and-counter-insurance-fraud/ (Accessed 31 January 2025)

[vii] Social Links. (n.d.). OSINT: A weapon against insurance fraud. Social Links. https://blog.sociallinks.io/osint-a-weapon-against-insurance-fraud/ (Accessed 31 January 2025)

[viii] The dark web hosts both lawful and illicit activities and is often associated with privacy-focused forums, marketplaces, and hidden services that are not indexed by standard search engines.

[ix] Gallo, A. (2014, October 29). The value of keeping the right customers. Harvard Business Review. https://hbr.org/2014/10/the-value-of-keeping-the-right-customers (Accessed 31 January 2025)

[x] U.S. Department of the Treasury. (n.d.). Sanctions list search. Office of Foreign Assets Control. https://sanctionssearch.ofac.treas.gov/ (Accessed 31 January 2025)

[xi] SANS Institute. (n.d.). What is open-source intelligence? SANS Institute. https://www.sans.org/blog/what-is-open-source-intelligence/(Accessed 31 January, 2025)

[xii] CSO Online. (n.d.). What is OSINT? Top open-source intelligence tools. CSO Online. https://www.csoonline.com/article/567859/what-is-osint-top-open-source-intelligence-tools.html(Accessed 31 January, 2025)

[xiii] Neotas. (n.d.). Open-source investigation best practices. Neotas. https://www.neotas.com/open-source-investigation-best-practices/(Accessed 31 January, 2025)

[xiv] European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). https://www.legislation.gov.uk/eur/2016/679/contents (Accessed 31 January 2025)

[xv] Centers for Disease Control and Prevention (CDC). (n.d.). Health Insurance Portability and Accountability Act of 1996 (HIPAA). CDC. https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html#:~:text=At%20a%20glance,Rule%20to%20implement%20HIPAA%20requirements. (Accessed 31 January 2025)

[xvi] Social Links. (n.d.). OSINT: A weapon against insurance fraud. Social Links. https://blog.sociallinks.io/osint-a-weapon-against-insurance-fraud/ (Accessed 31 January 2025)

[iii]