Fraudsters and hackers have seized on this week's massive hack of Anthem, the second largest health insurance company in the US, as an opportunity to perpetrate phishing scams. Cybercrime journalist Brian Krebs reports that past and present subscribers to Anthem services like Blue Cross Blue Shield have started receiving phishing emails that purport to be from the company.
Beware phony emails and phone calls
The emails promise a free credit monitoring service and encourage recipients to click on a link in the email to enable a free year of credit card protection. Anthem has confirmed to Krebs that while it will be offering a credit monitoring service, it has not yet sent out any such emails. Making matters worse, some have received cold calls from fraudsters who claim to be with Anthem. Both are clearly illegitimate and likely seek to obtain sensitive information for nefarious uses.
In a press release, Anthem notes that it will neither email nor phone customers with information on credit monitoring services. Instead, it will send letters to affected households soon.
It's not clear if the data obtained from the breach — which affected upwards of 80 million people — is being used to carry out these phishing scams, or if scammers are merely playing the numbers game and hoping the messages and calls find their way to Anthem customers.
The hack, which was announced this past week, compromised tens of millions of Social Security numbers, names, birth dates, addresses, and phone numbers, as well as corresponding employment information and member numbers. The information was unencrypted. There's no sign yet that the data has been distributed publicly, and some experts suggest that the hack was carried out by sponsored Chinese agents as part of broader espionage efforts on select individuals.