After the Anthem hack, the phishing scams begin

Well, that didn’t take long.

Within days of US health insurer Anthem announcing that hackers had broken into its servers, and accessed databases containing sensitive information about tens of millions of customers, fraudsters are taking advantage of the scare with phishing campaigns.

As if it wasn’t bad enough that a hacking gang had accessed data including names, medical IDs, social security numbers, addresses and more, other criminals appear to be exploiting the situation both online and in real-life.

As security blogger Brian Krebs reports, scammers have spammed out emails purporting to come from the breached firm.

The emails claim that the hackers might have accessed credit or debit card information. However, Anthem has specifically stated that they have no evidence that credit card information was compromised.

A press release from Anthem warns any recipients of the emails that the messages are NOT from Anthem, and warns that they are part of a campaign intended to steal personal information.

Furthermore, Anthem advises that it is not calling customers regarding the security breach and that members of the public should be on the guard for fraudsters attempting to trick them into divulging their credit card details or social security numbers over the phone.

If you are affected by the hack, Anthem says it will be in touch via regular mail instead.

“This outreach is from scam artists who are trying to trick consumers into sharing personal data. There is no indication that the scam email campaigns are being conducted by those that committed the cyber attack, or that the information accessed in the attack is being used by the scammers.”

“Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and ID protection services.”

It certainly sounds like Anthem will be kept busy sending all those letters, as it appears the data breach may affect as many as 80 million people.

If you are worried that your personal details might have been exposed by the Anthem hack or other breaches, here are some tips to help protect you.

• When offered, sign up for legitimate credit monitoring schemes to receive an early warning if attackers are attempting to meddle with your finances.
• Be on the look out for scams. Whether they arrive via email or telephone, be on your guard against unsolicited approaches – especially if they ask you to hand over personal information on a website or launch attachments that might infect your computer. Be wary of clicking on links in emails which claim to come from the business that has been hacked. Instead, it’s generally safer to visit the website directly by entering its URL into your browser directly, or – if in doubt – contact their customer service number on the telephone.
• Remember that whenever a business asks you to confirm your identity to them, you should feel comfortable asking them to confirm that they are who they say you are too! A genuine business won’t be worried that you are double-checking they are not scammers – in fact, they should feel pleased!
• Keep a close eye on your accounts, checking your credit reports and bank statements. If you spot an irregularity, you can hopefully raise the alarm before things get out of hand.
• Get serious about protecting your online accounts. That means using different, hard-to-guess, passwords for every online account. Use password management software to remember the many complex passwords you’ll end up with, as it will be impossible to remember them all by yourself. Where possible, enable two-factor authentication to provide a higher level of account security.