The US health insurer Anthem has warned users to be wary of phishing campaigns following the recent attack and data breach.
In a press release, Anthem said that the scams are designed to capture personal information are designed to appear as if they are from Anthem, and the emails include a “click here” link for credit monitoring.
“Anthem is not calling members regarding the cyber attack and is not asking for credit card information or social security numbers over the phone,” it said. “This outreach is from scam artists who are trying to trick consumers into sharing personal data. There is no indication that the scam email campaigns are being conducted by those that committed the cyber attack, or that the information accessed in the attack is being used by the scammers.”
Following the breach, Anthem said it will contact current and former members via postal mail with specific information on how to enroll in credit monitoring.
Tim Erlin, director of security and risk at Tripwire, said: “Don’t expect Anthem, or any other company, to step up to the plate on addressing this issue until it directly affects their business. The fact that we don’t have stronger authentication for email communications is evidence that, while pervasive, these scams have minimal impact on the businesses they impersonate. In the wake of recent breaches, there is an opportunity for organisations to create a competitive differentiator by providing more assurance around their communications.”
Kevin Epstein, VP of advanced security and governance at Proofpoint, said: “Over the coming weeks and months, consumers will learn more about what the hackers may have stolen. Much of a data breach is ‘wait-and-see’ because even if the information is stolen, it may not be used for several months or years.
“The immediate concern of this data breach is identity theft. Anyone who thinks they may have been impacted by this breach should contact their credit agency and issue a fraud lock, protecting consumers from having their personal information used to open new lines of credit. In terms of personal health information, if it is revealed that this was stolen, consumers must immediately engage with law enforcement officers.”
Craig Young, security researcher at Tripwire, said: “The toll free number and dedicated website are both excellent verification steps for consumers. Anthem should be encouraging individuals to refer to these services to verify information about the breach.”