Scammers lure with free credit monitoring services

Feb 7, 2015 09:03 GMT

Cybercriminals have already started to take advantage of the data breach incident at Anthem and have begun sending out emails claiming to be from the health insurer, luring recipients into accessing a link that leads to a phishing page.

News about the Anthem breach broke on Wednesday, when an official statement from the company’s president and CEO Joseph Swedish announced that unknown attackers had managed to penetrate the computer network and steal sensitive information belonging to clients.

The stolen data includes names, birthdays, medical IDs/social security numbers, street addresses, email addresses, employment and income-related information.

Malicious campaign relies on info publicly disclosed by Anthem

Tens of millions of individuals are impacted, as Anthem is the second largest health insurer in the United States, with 37.5 million members enrolled in a family or health plan, and more than 68 million people served by its affiliated companies.

Anthem warned on Friday that the scam emails currently being sent out include a link for recipients to subscribe to free credit monitoring allegedly offered by the company. The goal, however, is to obtain financial information that could lead to fraudulent card transactions.

Although no financial data was compromised during the incident, the company did promise free credit monitoring services to the affected individuals in the official disclosure announcement.

Another factor that could contribute to the success of the scam is that the real data loss notifications are still to be delivered by the company. Since people are expecting such a letter, cybercriminals are highly likely to be more successful in their malicious operation.

Wait for the postman to deliver the Anthem letter

On the other hand, data breach notifications are most often sent through snail mail, which is also the case here.

“Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring,” the company says in its warning about phishing attacks.

When a major incident occurs, scammers are quick to take advantage of it by initiating spam campaigns themed accordingly in order to deliver malware pieces to unsuspecting users or to direct them to phishing pages.

If such emails reach one’s inbox, the recommendation is to delete them immediately and not to engage with them in any way (replying, clicking on a provided link, opening attachments or offering personal information).

Furthermore, the company does not ask for credit/debit card information or social security numbers over the phone or via email.

The wise choice is to wait for the postman to deliver the letter and follow the included instructions.