A one-two punch for the victims of the Anthem data breach: individuals who were impacted by the massive cyber attack on the health insurance provider which affected up to 80 million Americans, are now being warned that they’re being targeted by scammers who are trying trick the victims into revealing additional personal information. Scammers are running email phishing campaigns, and even placing phone calls to affected customers, Anthem says.
The phishing emails have been crafted so they appear to be from Anthem, and include a “click here” link that purportedly takes customers to a credit monitoring website.
According to an advisory issued by Anthem, these emails are not coming from the company itself, as it only plans to contact current and former members via U.S. Postal mail, not email. These forthcoming mailings will include information on how to receive the free credit monitoring and the ID protection services that Anthem is providing.
Additionally, the insurer reminds customers that not only should they ignore the scam emails and not click the links they contain, it will also not be calling members by phone, and will not be asking for sensitive information like credit card numbers or social security numbers over the phone.
However, notes Anthem in its announcement, there’s no evidence that the scammers sending out the phishing emails or placing the phone calls are those who originally attacked the network. Instead, it’s likely that these scams are “random and opportunistic,” says security expert Brian Krebs in a post where he discusses the scams, noting that it’s possible that the hacked data has simply fallen into the hands of other scam artists.
The Anthem data breach was significant, with cyber criminals gaining access to names, social security numbers, date of birth, addresses, phone numbers, medical IDs and more from the company’s customers. There’s currently some speculation that the attack was led by state-sponsored hackers in China, but the FBI has not confirmed this.
Today, New York’s Financial Services Department also announced that it’s planned cybersecurity reviews of insurers in wake of the Anthem attack, and will issue “enhanced regulations” that will require insurers to meet “heightened standards for cyber security.”
Victims of the data breach can get more information from Anthem’s toll-free hotline: 877-263-7995.
Image credit: Krebsonsecurity.com