This blog recently reported on the massive data breach at Anthem Inc., the second largest provider of health insurance in the country. The data breach, which forensic investigators are now reporting could have begun as early as April of last year, has the potential to affect over 50 million people currently insured through Anthem or one its subsidiaries. In response to this breach, Anthem has sent out many emails to customers explaining the breach, the nature of the information obtained by the hackers responsible for the attack, and what these customers can do to protect themselves from additional exposure. In an official statement issued once the breach was made public, Anthem insists that it will notify all affected customers by mail to describe exactly what protections are being offered.
Unfortunately, this hasn’t stopped scammers from trying to capitalize on this tragic data breach. Multiple phishing emails have already been spotted in the wild that look like an official communication from Anthem. In this email, customers are offered one year of free credit monitoring as a result of the breach if they click on the link embedded within the email. At the time of this writing, this blog has been unable to obtain a copy of the fake email and as such, do not know where the link actually leads.
That said, Anthem has already confirmed that the email is not genuine and the link likely leads to a malicious site designed to extract even more information from potential victims.
Anthem also confirmed (in another statement) that it is aware of a large number of phone scams associated with the breach as well. It appears that criminals are cold calling people in an attempt to gain more information, although at this time it isn’t 100% clear if the data stolen from the breach has fallen into the hands of these scammers or if it is a random attempt to capitalize on news of the breach.
Anthem has gone on record stating that “These emails and calls are not from anthem and no notifications have been sent from anthem since the initial notification on Feb. 4, 2015”. While it still could be a few weeks before actual Anthem notifications begin arriving to affected customers via snail mail, security experts agree that these email and phone scams will continue to be a popular tactic for scam artists and may even increase in frequency as awareness of the breach grows.
If you are someone you know are a current or former Anthem customer, keep in mind that any emails or phone calls are NOT legitimate and should be disregarded immediately.
Links embedded within these rogue emails are likely to bring victims to phishing sites created to extract additional information or to use drive-by download techniques to install malware on the PC. To protect yourself, immediately delete any emails purportedly from Anthem and do not provide any personal information via the phone should be contacted by an “Anthem” representative.