back to article Phishers, scammers pile into worried Anthem customers in FRAUD FRENZY

Hacked healthcare corporation Anthem has had to issue a special warning to current and past customers as hackers have already started to work though records purloined earlier this year. "Individuals who may have been impacted by the cyber attack against Anthem, should be aware of scam email campaigns targeting current and …

  1. Anonymous Coward
    Anonymous Coward

    I'm surprised...

    Someone hasn't tried to inject a watering hole attack on the separate domain Anthem put up to answer questions. Though I suppose it could just as easily be a honey pot managed by a security company. Odds are they'd only catch the guys trying to take advantage of the situation rather than the original hackers.

    1. Mark 85

      Re: I'm surprised...

      You're probably right much like the emails that suddenly popped up. I'm laying odds those aren't from the original either but opportunists. Still, some folks that respond without due diligence on the emails are probably going to get hit twice.

      First lawsuit for >$5 million which makes wonder if the amount is open-ended? Chicken feed if it's not open-ended but I guess they wanted to file first.

  2. Anonymous Coward
    Anonymous Coward

    Ouch! This is Sick....

    Its the virtual equivalent of this...

    Man steals purse from dying woman hit by lorry

    1. Anonymous Coward
      Anonymous Coward

      Re: Ouch! This is Sick....

      Why the downvotes?

  3. Compression Artifact

    Not Surprised

    I use a different email address with each company I deal with; so if I ever get spammed, I know whose customer database got leaked. In mid-December, 2014, the special address I use for Anthem and the state health exchange started getting weird emails. They claimed to be either Anthem or the exchange (or their representative), but all the links went to strange domains.

    Anthem could not tell me whether they were subcontractors (running surveys, etc.) or scammers using leaked email addresses. These emails had all the hallmarks of the latter. Even if they were the former, I would consider sharing my email address with marketroids to be a HIPAA privacy violation.

    When the breach was announced a couple of evenings ago, my first thought was "Finally, they noticed."

    1. Anonymous Coward
      Anonymous Coward

      Re: Not Surprised

      I swear companies & corporations are so lazy sometimes, so inept, or have outsourced to such a degree that they can't even do simple data analytics anymore. In doing so, they're opening themselves up to endless security nightmares...

      Its extraordinary how many companies just willingly ship off their entire contact databases to 3rd parties for surveys, even though the 3rd party site frequently just offers simple forms... Why take that risk versus designing surveys in-house?

      But senior executives only see are the joys of outsourcing... Hey look at all the money we can save, early retirement here I come, with fuck all regard to future intrusions... Fuck the CIO's and CEO's that think this way! Serious pain is coming your way someday if you don't change gear, as the number of yearly corporate hacks will only skyrocket from here...

      1. Compression Artifact

        Re: Not Surprised

        To get a small sample of these entities to which Anthem is outsourcing, go to their web site and check out all the domains that are running JavaScript on the various pages you are using while logging on to your account. Anthem trusts that they will not get hacked themselves and do anything nefarious; but I don't.

        Fortunately, almost all of these domains (including the most questionable) can be selectively blocked with NoScript with no apparent loss of website functionality. I.e., in addition to having no role to play in my health care, many of these subcontractors seem to have no legitimate role in the mechanics of the website.

  4. EJ

    Before California gets too high and mighty here, I just had a buddy purchase a Cisco ASA firewall on eBay cheap. He turns it on and finds it has a configuration already in place. Turns out it is from the California Department of Parks & Recreation. No wipe, and the thing was on their network as recently as October 2014. Shining example of security awareness right there.

  5. Tree

    Hope the people in Covered California exchange lose money

    These nincompoops who thought up this thing were vastly overpaid for the lousy work they did and should compesate us taxpayers and consumers for all the wasted hours we spent. They thought that they were the really smart scammers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hope the people in Covered California exchange lose money

      This nincompoop posted a comment that has nothing to do with Anthem. DUH.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like