Industry News

After the Anthem hack, the phishing scams begin

Well, that didn’t take long.

Within days of US health insurer Anthem announcing that hackers had broken into its servers, and accessed databases containing sensitive information about tens of millions of customers, fraudsters are taking advantage of the scare with phishing campaigns.

As if it wasn’t bad enough that a hacking gang had accessed data including names, medical IDs, social security numbers, addresses and more, other criminals appear to be exploiting the situation both online and in real-life.

As security blogger Brian Krebs reports, scammers have spammed out emails purporting to come from the breached firm.


The emails claim that the hackers might have accessed credit or debit card information. However, Anthem has specifically stated that they have no evidence that credit card information was compromised.

A press release from Anthem warns any recipients of the emails that the messages are NOT from Anthem, and warns that they are part of a campaign intended to steal personal information.

Furthermore, Anthem advises that it is not calling customers regarding the security breach and that members of the public should be on the guard for fraudsters attempting to trick them into divulging their credit card details or social security numbers over the phone.

If you are affected by the hack, Anthem says it will be in touch via regular mail instead.

“This outreach is from scam artists who are trying to trick consumers into sharing personal data. There is no indication that the scam email campaigns are being conducted by those that committed the cyber attack, or that the information accessed in the attack is being used by the scammers.”

“Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and ID protection services.”

It certainly sounds like Anthem will be kept busy sending all those letters, as it appears the data breach may affect as many as 80 million people.

If you are worried that your personal details might have been exposed by the Anthem hack or other breaches, here are some tips to help protect you.

  • When offered, sign up for legitimate credit monitoring schemes to receive an early warning if attackers are attempting to meddle with your finances.
  • Be on the look out for scams. Whether they arrive via email or telephone, be on your guard against unsolicited approaches – especially if they ask you to hand over personal information on a website or launch attachments that might infect your computer. Be wary of clicking on links in emails which claim to come from the business that has been hacked. Instead, it’s generally safer to visit the website directly by entering its URL into your browser directly, or – if in doubt – contact their customer service number on the telephone.
  • Remember that whenever a business asks you to confirm your identity to them, you should feel comfortable asking them to confirm that they are who they say you are too! A genuine business won’t be worried that you are double-checking they are not scammers – in fact, they should feel pleased!
  • Keep a close eye on your accounts, checking your credit reports and bank statements. If you spot an irregularity, you can hopefully raise the alarm before things get out of hand.
  • Get serious about protecting your online accounts. That means using different, hard-to-guess, passwords for every online account. Use password management software to remember the many complex passwords you’ll end up with, as it will be impossible to remember them all by yourself. Where possible, enable two-factor authentication to provide a higher level of account security.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


Click here to post a comment
  • I’ve seen a copy of this email, and it isn’t a phishing email. Instead it appears to be part of a training exercise run by a company called KnowBe4 LLC which is designed to *look* like a phish. I’ve checked the link in the email and I can confirm that the domain belongs to KnowBe4, not a malicious actor.