Emails used to harvest personal information and credentials Credit: Thinkstock Hours after the nation’s second largest health insurer announced that they’ve suffered a data breach that could impact millions of people; criminals started sending Phishing emails related to the incident, seeking personal information, as well as usernames and passwords.The volume of scam email has reached such a level that even Anthem themselves are warning consumers to remain vigilant.According to Anthem’s alert, current and former Anthem members are being targeted by crooks in an attempt to capture personal information and other details such as usernames and passwords.XSS has seen the Anthem Phishing email from three different sources, a screenshot of the email is posted below. At a glance, the email looks legitimate – except for one large mistake. The message itself states:“We wanted to make you aware of a data breach that may have affected your personal health information and credit card data. The data which was accessed may impact clients who made credit or debit card payments for healthcare or who got treatment during the year 2014.“Your trust is a top priority for Anthem, and we deeply regret the inconvenience this may cause. The privacy and protection of our client’s health care information is a matter we take very seriously and we are working diligently to resolve the incident. To subscribe to a free year of credit card account protection please click on the link below and follow the instructions that will be required:”There are several grammatical errors in the message formatting and wording; however the key phrase that proves this email is a criminal attempt to access your personal information centers on credit cards. None of the data at Anthem that was compromised is financial, something the company pointed out immediately when they disclosed the breach.This email, and others like it, are a perfect example of criminals jumping on the bandwagon of a trending news story in order to propagate their scam.Anthem says that there is no proof that those responsible for the Phishing attack are the same ones responsible for the breach, and they’re correct – because the person(s) responsible for the breach already have the data they were after.It’s important to remember that Anthem will not email you about this breach and ask for additional information. On that note, they wouldn’t call you either – so phone calls are also scams.“Anthem will contact current and former members via mail delivered by the U.S. Postal Service about the cyber attack with specific information on how to enroll in credit monitoring. Affected members will receive free credit monitoring and ID protection services,” the company said in a statement regarding the Phishing emails.Update: The email subject in at least one of the emails circulating is “Cyber Attack Against Anthem.” XSS is attempting to gather additional information on other variants reported to have started circulating over the weekend, so far there is confirmation on this. Related content news Buying fraud right off the virtual rack Report states online attacks continue to rise, especially for retail sites By Ryan Francis Apr 26, 2017 7 mins Fraud Security news analysis The 7 worst automation failures A list of the moments when technology monumentally backfired, putting security at risk. By Ryan Francis Apr 14, 2017 7 mins IT Strategy Network Security Security news Bot attacking gift card accounts Your gift card might not be worth anything By CSO Staff Mar 24, 2017 3 mins Fraud Security news Report says smart people do dumb things online People from the religious and legal fields were considered lazy for not following security standards. By Ryan Francis Mar 21, 2017 3 mins Identity Management Solutions IT Skills Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe