Pierluigi Paganini February 09, 2015

Following the Anthem data breach, cyber criminals launched phishing campaigns to harvest customers’ personal information and credentials.

A few hours after disclosure of the news of the data breach suffered by the nation’s second largest health insurer Anthem cyber criminals started sending phishing emails related to the cyber attacks.

The Anthem incident could potentially impact millions users, a great opportunity for criminals crews that are trying to exploit the news to lure victims into provide personal information, as well as their credentials.

The Anthem is aware of the phishing campaigns triggered by the data breach, for this reason it is warning its customers of the potential risks.

The company explained to its customers that it will contact its customers via the national email service to provide all the necessary instruction to protect them. Anthem also warned its customers that cyber criminals could also exploit phone calls for fraudulent activities.

“Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and ID protection services,” the company said in an official statement.

In the following image is reported an example of a phishing email sent by cyber criminals, the communication appears as legitimate, but a careful reading reveals several grammatical errors.

The text used by criminals to deceive victims into disclose personal information and sensitive data is:

“We wanted to make you aware of a data breach that may have affected your personal health information and credit card data. The data which was accessed may impact clients who made credit or debit card payments for healthcare or who got treatment during the year 2014. Your trust is a top priority for Anthem, and we deeply regret the inconvenience this may cause. The privacy and protection of our client’s health care information is a matter we take very seriously and we are working diligently to resolve the incident. To subscribe to a free year of credit card account protection please click on the link below and follow the instructions that will be required:” 

Anthem confirmed that financial data wasn’t disclosed in the data breach, but the email was composed with the specific intent to collect credit card data from victims by promising a protection service against scams.

This phishing campaign is the demonstration of the efficiency of the criminal industry that is able to exploit any situation to monetize its efforts.

In time I’m writing there is no official link between the responsible of the data breach and the bad actors between the phishing campaign.

Resuming, even if you will receive an email from Anthem follow the following suggestions:

• DO NOT click on any links in email.
• DO NOT reply to the email or reach out to the senders in any way.
• DO NOT supply any information on the website that may open, if you have clicked on a link in an email.
• DO NOT open any attachments that arrive with email.

Anthem is not contacting its customers by phone neither by email.

(Security Affairs –  Anthem, phishing)