Scam of the day – May 24, 2015 – CareFirst Blue Cross Blue Shield hacked

Health insurer Care First Blue Cross Blue Shield became the latest victim of hacking in the health care industry.  This latest hacking which was only just announced a couple of days ago, but occurred in June of 2014 is just the latest in a series of data breaches at major health care companies and insurers including Anthem and Premera.  More than a hundred million people have had their personal information compromised in these data breaches leaving them in serious danger of identity theft.  The Care First hacking affects more than a million of its present and former customers.  The breach was discovered a month ago during a routine forensic review of its computer networks.  Fortunately, neither Social Security numbers nor credit card numbers were lost in the data breach.  However, the hackers did manage to steal the names of present and former customers, email addresses, birth dates and Subscriber ID numbers, all of which could be used by the hackers for targeted email spear phishing by which intended targets of the identity thieves receive emails that, due to the information contained within them as well as the fact that they are directed to the individual by name, appear to be legitimate.  In these emails, in which the identity thief poses as a legitimate company doing business with the targeted person, the intended victim is lured into either clicking on links containing keystroke logging malware or into providing personal information in response to the email.  In either of these situations, if the intended victim clicks on the link or provides the information, he or she will quickly move from intended victim to actual victim.

TIPS

Remember my motto, “Trust me, you can’t trust anyone.”  Never provide personal information to anyone who contacts you by email, text message or phone.  You can never be sure if they are legitimate.  Never click on links in emails or text messages until you have actually confirmed that the communication is legitimate.  If you think such an email or text message might be legitimate, contact the real company at a phone number or email address that you know is accurate to confirm whether or not the email or text message you received was legitimate.  With so much information about all of us available either in public data bases or by way of data breaches of companies with which we do business, you can’t trust an email, text message or call regardless of how legitimate it may appear.  Always verify before providing personal information.