Learn how to identify phishing attempts and keep your business safe.

In 2015, hackers stole almost 80 million members’ data from Anthem health insurance. Their success proved that even the healthcare industry cannot keep personal data safe. The hackers used a phishing email to get into Anthem’s systems. They stole data like email addresses, social security numbers, and healthcare identification numbers. The breach was astronomical and affected many of Anthem’s health insurance brands including Anthem Blue Cross Blue Shield, Anthem Blue Cross, Amerigroup, and Caremore. Even though Anthem acted quickly to stop the bleed, the damage had already been done.

The incident was not only a breach of trust with Anthem’s millions of members; it also cost Anthem significant time and money. The company reached a settlement in September 2020 for almost 40 million dollars.

What is Phishing? 

Phishing is the ultimate 21st century scam. Unlike the spam chain emails of the early 2000s, phishing is sophisticated. It often comes in the form of a benign-looking email or text. Since 2015, many have learned from Anthem’s example and started to implement new methods to ensure information and ID security.

Phishing vs. Spear Phishing

Phishing and spear phishing are the two main types of this kind of email and text attack. Our security training partner, KnowBe4, defines them as follows:

Phishing: “Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters. Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.” -KnowBe4

Spear Phishing: “Spear phishing is an email targeted at a specific individual or department within an organization that appears to be from a trusted source. It’s actually cybercriminals attempting to steal confidential information. A whopping 91% of cyberattacks and the resulting data breach begin with a spear phishing email, according to research from security software firm Trend Micro. This conclusively shows that users really are the weak link in IT security.” -KnowBe4

What to Look For

Knowledge is the first line of defense. There are a few ways to determine whether a mode of digital contact is legitimate vs. phishing. The following are five ways to identify these scams:

1.     Are words misspelled or misrepresented? For example, “www.amazon.com” could be spelled as “www.amazoan.com” – a change that a quick scan of the document might not catch.

2.     Is the message in any way threatening? Oftentimes, phishing emails will include threats involving timeliness or missed opportunities. For example, “You must submit your payment information by X date, or your account will be canceled.” A spear phishing email in this instance might include information specific to you. This does not mean that the message is a valid request.

3.     Are they promising you something? A phishing email could promise prizes or money if you submit information. The graphics and layout of the email could be identical to the e-news you receive from a trusted source.

4.     Are there odd file attachments? The body of the email is not the only factor to worry about. Be on the lookout for strange-looking attachments, such as oddly named files or unusual file formats.

5.     Do you recognize the sender and other email addresses? Make sure you are familiar with the sender’s email address–especially if your email is part of an anonymous group of emails.
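The five checks above can also be run automatically as a first-pass triage on incoming mail. The script below is an added example, not part of the original article; the trusted-domain, known-sender, phrase and extension lists and the sample message are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed lists for illustration; substitute your organization's own.
TRUSTED_DOMAINS = ("amazon.com",)
KNOWN_SENDERS = ("orders@amazon.com",)
THREATS = ("account will be canceled", "you must submit")
PROMISES = ("you have won", "prize")
ODD_EXTENSIONS = (".exe", ".scr", ".js", ".iso")

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host):
    """True when host is a near-miss spelling of a trusted domain (heuristic)."""
    host = host.lower().removeprefix("www.")
    return host not in TRUSTED_DOMAINS and any(
        edit_distance(host, good) <= 2 for good in TRUSTED_DOMAINS)

def triage(msg):
    """Return the numbers of the checks from the list above that fire."""
    sender = parseaddr(msg["From"] or "")[1].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    hosts = re.findall(r"https?://([^/\s]+)", body) + [sender.rpartition("@")[2]]
    files = [(a.get_filename() or "").lower() for a in msg.iter_attachments()]
    checks = {
        1: any(is_lookalike(h) for h in hosts),        # misspelled domain
        2: any(t in body for t in THREATS),            # threatening deadline
        3: any(p in body for p in PROMISES),           # prize or money promise
        4: any(f.endswith(ODD_EXTENSIONS) for f in files),  # odd attachment
        5: sender not in KNOWN_SENDERS,                # unrecognized sender
    }
    return [n for n, fired in checks.items() if fired]

# Constructed sample message, not a real email.
sample = EmailMessage()
sample["From"] = "Amazon Billing <billing@amazoan.com>"
sample.set_content("You must submit payment at http://www.amazoan.com/pay today.")
sample.add_attachment(b"x", maintype="application", subtype="octet-stream",
                      filename="invoice.pdf.exe")
print(triage(sample))  # [1, 2, 4, 5]
```

A message that trips several checks should go to a person for review; a clean result does not prove a message is legitimate.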

How to Set Up Safeguards

Now that you know what to look for, here are five practical ways to protect your data and your customers’ data:

1.     Use a variety of passwords across your digital accounts. It’s difficult to maintain passwords, but do not use one password for all your accounts. Doing so weakens your defenses against hackers. Several operating systems and web browsers offer “keychain” functions to keep your passwords safe.

2.     Enable two-step authentication. This is another great way to keep access to your accounts and information secure. Two-step authentication is a second line of defense between personal information and hackers.

3.     Use email filters. Keep phishing emails out of your inbox by setting specific spam filters in your email account. This method may not catch every phishing email, but it will help keep the majority in check.

4.     Install anti-virus software. Make sure your anti-virus software is up-to-date and includes anti-phishing capabilities.

5.     Educate. The most important thing you can do is educate yourself and your colleagues so that you can ensure that the network data is secure.

How Staying Protected Will Help You

Safe data means safe business. This will help protect people and their information, and also save time, money, and gross inconvenience. You can protect yourself against severe consequences if you know what to look for.

In addition to methods discussed here, further resources can be found at:

CPO Magazine

Square

University of Chicago