In the wake of the Anthem breach, we are getting several reports of phishing scams. These scams, designed to capture personal information (known as "phishing"), are designed to appear as if they are from Anthem, and the emails include a "click here" link for credit monitoring.
Due to the volume of information the Anthem breach involves, the names of potentially affected individuals are not yet known and hackers will take full advantage of that. The cyber attacker(s) who gained unauthorized access to Anthem’s IT system and obtained personal information on current and former Anthem members may be using that information and/or the natural human response of fear to trick people into breaking normal security procedures.
If you receive an email like this:
· DO NOT click on any links in the email.
· DO NOT reply to the email.
· DO NOT supply any information on the website that may open, if you have clicked on a link in the email.
· DO NOT open any attachments that arrive with the email.
We have posted a note from the state attorney general on the Highmark Website.
What you need to watch for
We are aware that some of the personal information attackers obtained during this breach included names, birthdays, medical IDs, social security numbers, street addresses, email addresses and employment information, including income data. This type of personal information enables hackers to create very realistic phishing scams that prey on human emotions and tendencies.
Since we are still uncertain about how this issue might impact our members, it is critical for you, as Highmark employees (and members), to be vigilant when clicking on links in emails sent to your work and/or your personal email accounts.
One of these phishing emails may read something like this:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
Keep in mind that trusted parties will never ask you for sensitive information in an email.
What you need to do
The best way to avoid falling victim to any phishing scam is to verify the source:
· Verify URLs - Hover over links to see where they are really trying to send you. Many fake URLs may look convincing. When in doubt, use a search engine and find the URL yourself, rather than clicking. The extra 10 seconds it takes to search for a site yourself is worth the effort—it can save the company hours of device repair, protect your sensitive information and even prevent identity theft.
· Verify senders - Even if the message appears to be from a trusted sender, it could be a scammer impersonating a friend or coworker. Verify that the sender actually sent the message.
Additional cautions
· Read carefully - Email scammers can make email addresses look similar to a legitimate domain. Look for misspellings in the message or bad formatting.
· Heed alerts - Colleagues or friends may unknowingly send infected links or files to download, and there is a chance it could be infected because they had out-of-date security software or they ignored an alert. If your security software warns you that the link or attachment is malicious, do not click or download the content.
February 12, 2015- -
-
Report
February 12, 2015- -
-
Report