Anthem breach victims hit with yet another phishing scam

It’s been just a few weeks since Anthem held its hands up and confirmed it had fallen victim to a cyber attack.

According to reports, the incident is the largest data breach ever to hit the US health care sector, with as many as 80 million current and former Anthem customer records affected. As reported by IT Security Guru earlier this week, investigators now believe the hackers somehow compromised the credentials of five different tech workers, possibly through a phishing campaign that could have tricked a worker into unknowingly revealing a password or downloading malicious software.

In a cruel twist of fate, it now appears that those impacted by the breach are themselves being targeted by scammers, as confirmed by a phishing email shared by an eagle eyed individual with IT Security Guru:

Anthem Phishing Message 1

Having investigated the message, Ronnie Tokazowski, senior researcher at PhishMe confirmed that “there’s a second link concealed under what would otherwise appear to be a legitimate link to ‘anthemfacts.com’.”

The danger, as was the case with this email, is that the intended recipient mistook it for a genuine communication from Anthem and forwarded it to all employees within the organisation – in effect spreading the phisher’s net even wider plus potentially legitimising the scam.

Of course spam remains as much of a problem as phishing. Research by Proofpoint revealed that the decline in the overall volume of unsolicited email was outweighed by a dramatic increase in maliciousness. Attackers generated more URLs (and sent each URL to a smaller number of recipients) in attempts to improve the chances of evading blocking by URL reputation filters, and the URLs generally used more sophisticated exploits.

Also, the percentage of malicious URLs in unsolicited emails surged to an average of ten per cent in 2014 while by the end of 2014, malicious attachments played a much larger role in attackers’ campaigns, with banking Trojan, Dridex campaigns and other botnets attempting to send massive volumes of attachments and messages.

In a statement issued last week, Anthem warned individuals to be on their guard from emails claiming to have been sent by the organisation, confirming ‘Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enrol in credit monitoring.For anyone affected by the breach, and looking for further information, the legitimate domain is http://anthemfacts.com

Till next week, stay safe.

Dulcie McLerie is a director of Smile on Fridays

The post Spam Gazing – Anthem breach double phishing whammy appeared first on IT Security Guru.