Anthem Hack Has Bad Guys Descending To New Depths

Anthem hack - sample phishing email

Anthem, the second-largest health insurer in the country, revealed last week that hackers have stolen account information for 80 million customers – names, birth dates, medical IDs, Social Security numbers, street addresses, email addresses, and employment information. It puts all those people – and 80 million is a lot of people – at risk of identity theft.

That’s not the bad part. It’s the follow-up that will make you despair and feel hopeless.

Many of the affected people are getting emails or phone calls from Anthem advising them of the hack and offering to set them up with a free year of credit monitoring – a typical response from companies in this position.

Can you see it coming?

The emails and phone calls are not from Anthem. They’re from bad guys. The links in the email messages don’t lead to free credit monitoring; they lead to phony websites designed to collect credit card info and even more personal data. A sample of the phony email is above, from security researcher Brian Krebs. There is nothing obvious that gives it away as a scam.

The bad guys started sending the scam emails within hours after the hack was announced. No one knows if it’s the same bad guys, or if the messages are targeting people whose information was stolen. The Anthem hack affects 25% of the US population – completely random emails have a pretty good chance of hitting Anthem customers.

Anthem was forced to issue a statement that it will not communicate with any Anthem customer by email or phone about the hack. The only thing you can trust from Anthem will come via “mail delivered by the US Postal Service.” Remember postal mail? It’s ironic that the mail has become the last remaining trustworthy way to communicate.

If you’re an Anthem customer and you get an email or phone call about the hack: Don’t reply. Don’t click on links. Don’t open attachments. Delete the message. Hang up the phone.

Think about how evil someone has to be to prey on people like this.

There doesn’t seem to be any limit to how paranoid we have to be right now. Follow the Rules For Computer Safety and be careful out there!