Email phishing related data breach strikes CareFirst
Late last week, CareFirst BlueCross BlueShield said that it was the victim of a data breach which potentially exposed the personal information of 6,800 of its members including names, member identification numbers and dates of birth. In eight cases, social security numbers could have been exposed.
CareFirst believes the breach was the result of an email “phishing” scheme. Phishing attacks use deceptive emails and websites to convince people to disclose personal information. Phishing has become one of the most pervasive problems facing data security staffs today. Generally speaking, a basic phishing attack is relatively easy to conduct and inexpensive for the attacker.
When you are going through your email and before you click that link, consider these rules of thumb before opening or clicking any links.
- Does the email ask for personal or sensitive information, such as your date of birth, Social Security number, an account number or login credentials? Most legitimate businesses do not request such data in an email.
- Does the email asks you to click on a link to access a web site? If so, that site might be fake.
- Does the email have a generic salutation rather than your name? Your bank or service provider know who you are and normally will address you by name.
- Does the email have an attachment? If you are not expecting an attachment, don’t click on it. Confirm its validity first with the sender.
- When you move your mouse over the email, is the entire email a hyperlink? If so, it likely is a phishing attack.
- If the email makes an offer too good to be true, such as a large sum of money, a prepaid gift card or an expensive piece of electronics for free, it’s likely a phishing attack.
- Be careful of emails that make an emotional plea while asking for money. While many charities use such tactics, it also is a popular approach used by phishers.
- If the email claims you have an immediate problem, such as a virus or that you are running out of email storage space, and you must take immediate action, be careful. This is a common phishing tactic.
- If the email makes a direct threat and requires that you take immediate action by clicking a link for the IRS, a police agency or the like, it’s probably fake.
- An email might appear to be from a friend asking for money. Never send money without calling the friend first to confirm the request.
Find out just where you are with your tech. Technology should never be considered a “set it and forget it” part of your business. It takes constant tweaking, monitoring and maintenance to make your system reliable. You should strongly consider having a formal IT Security Assessment performed on your system no matter how large or small your business is as these formal scans can give you an excellent chance to find out just where you have vulnerabilities.
We can assist you with any of the above protection measures mentioned above. It is far less costly to be proactive than it is to be reactive. NOW is the time to find out, not later or even worse… after!