Scammers Phishing for Information After Anthem Breach
Anthem Inc., the nation's second-largest health insurance company, announced recently that it was the victim of a cyberattack that exposed the personal information of more than 80 million consumers.
Exposed information included consumers' names, Social Security numbers, and dates of birth.
According to the company's website, the breach could affect both current and former customers of the company dating back to 2004, as well as customers of independent Blue Cross and Blue Shield companies from 14 states.
In an attempt to take advantage of nervous consumers—even those who have not been impacted by this breach—scammers and identity thieves have launched phone and email attacks to steal personal information.
"When an organization gets hacked, the scammers can potentially reach a customer database. Then, they can take the email addresses and create customized phishing emails because they know who is a customer," says Lance Spitzner, Training Director for the SANS Securing the Human program.
How scammers are exploiting the breach
Consumers should be on the lookout for phishing and phone scams even if they do not believe their information was exposed. According to Anthem, some scammers are calling consumers, pretending to represent the company, and then offering false assistance in order to obtain personal information. The targeted consumers may not necessarily be victims of the breach—these could be cold calls capitalizing on consumer fears in the aftermath of this attack.
Phishing scams are also a threat. In these cases, scammers email consumers, claiming to be from Anthem, and then provide a link to obtain identity protection or some other service. If consumers provide personal or financial information this way, it can be used to commit identity theft.
Anthem has said that it will not contact consumers by phone or email, so a consumer who receives messages this way may be in a scammer's sights. Consumers impacted by the Anthem breach will instead receive physical mail through the U.S. postal service (USPS) with specific information on how to enroll in free credit monitoring and identity protection. The company has also directed consumers to call 877-263-7995 to access some of these tools.
If you are concerned about a threat to your identity, the FTC suggests placing a credit freeze or fraud alert on your accounts, as well as obtaining a free copy of your credit report through annualcreditreport.com. These steps may not stop a fraudster from taking advantage of your exposed information, but they can help you notice problems before they worsen.
The investigation into this cyberattack is ongoing, but consumers can still take action to protect their identities by monitoring their accounts and statements and reporting any suspicious activity to their bank or the FTC.
Even if your data was not compromised in a breach, according to Spitzner it is important to remain vigilant. All a scammer needs is an email address to contact you and trick you into exposing more data.
"People should always be on the lookout for phishing," he says. "It is the number one way for scammers to get your information."