Phishing Scams Flood Anthem Data Breach

It didn’t take long for the phishers and fraudsters to join in on the Anthem health insurance providers’ data breach woes that began last week.

The story started when the nation’s second largest health insurer, Anthem Inc., was breached, allegedly by a Chinese cyber crime ring known as “Deep Panda.” Though the breadth of the breach is unknown, it’s suspected as many as 80 million Americans could have had their social security numbers, email addresses, name and physical addresses compromised in the latest attack. Luckily for those hacked, no payment card details were skimmed, and there’s no evidence any sensitive health data was compromised.

But that doesn’t mean they are out of the woods just yet as MPD CEO Karen Webster pointed out in her recent piece, “the errant social security numbers leave open virtual buffet of fraud options.” And the buffet appears to be one the latest group of fraudsters are looking to fill up on through the series of phishing scams. The latest action includes following up Anthem’s breach with an email scam about a year of free credit monitoring. Anthem notified their customers that they’d be following up in the coming weeks, but the phishers took it upon themselves to send out their own scam version with links. To combat the false letter, Anthem was forced to notify its customers about the cold-calling the scammers are doing.

“These emails and calls are not from Anthem and no notifications have been sent from Anthem since the initial notification on Feb. 4, 2015,” Anthem said on its toll-free hotline recording to warn customers of the most recent scams.

So far, there isn’t any indication that the phishing or phone scams have anything to do with the recent data breach, but as a KrebsOnSecurity article points out: “There is always the possibility that the data stolen from Anthem has fallen into the hands of scam artists.” In the meantime, Anthem says it will be sending out physical letters to customers in the next few weeks.