Why are you targeted by phishing attacks impersonating the Health Insurance?

"Health insurance: your Vitale card is about to expire", "to continue receiving your healthcare reimbursements, update your information"... Did you receive a message of this kind this summer? As the public authorities warn, these SMS are part of phishing campaigns that impersonate Ameli (the online Health Insurance service). The criminals dangle a refund, or the risk of no longer being reimbursed, to extract your bank details.

The Health Insurance reimbursement scam is one of the great classics of phishing, alongside the parcel scam, the fake tax refund and the CPF scam. It is mass phishing, often quite crude in its implementation and therefore inexpensive to set up, especially since ready-to-use kits are available on cybercriminal forums. By messaging a large number of people, the criminals succeed even if only a small fraction of them fall into the trap.

Why criminals impersonate the Health Insurance

A common misconception about phishing is that the organization impersonated in the message (here, Ameli) must have suffered a security incident. In the overwhelming majority of cases, this is not so. And for good reason: criminals do not need to launch cyberattacks to obtain telephone numbers; they just need to go to illegal forums.

Every day, hundreds of companies are victims of data leaks, sometimes massive ones. It is enough for your number to appear in one of them for it to be aggregated into lists, of which there are hundreds on hacker forums. Some lists, which contain previously unused information, are sold for a fee; others are available free of charge. This is why, once you receive a first spam message, you generally receive others in the following weeks.

The problem for criminals is that these lists often have no consistency, that is to say, the owners of the numbers have few characteristics in common. But from the dialing code of the numbers, they can deduce the origin and sort them by nationality. Then they just have to write a message likely to concern as many targets as possible. This is why they usurp the identity of public bodies such as the Health Insurance or the tax authorities: these bodies are in contact with the overwhelming majority of French people, and they offer pretexts to talk about money, such as a healthcare reimbursement or an income tax adjustment.

What precautions to take

To send their phishing messages, criminals prefer SMS to email. This sending method, though more expensive, has the advantage of facing very little protection, whereas mailboxes have increasingly effective filters. While it is difficult, if not impossible, to prevent the messages from being sent, there are on the other hand all kinds of ways to report and block the links contained in the SMS, which are used to steal banking data. As a result, the links usually become inactive within hours of the message being sent.

Massive phishing campaigns like the ones this summer are, overwhelmingly, technically unsophisticated. In other words, receiving the SMS should not make you worry about the security of your Ameli account, and even clicking on the link should have no effect, since it only very rarely relies on malware.

On the other hand, you will have to react quickly if you filled in forms after clicking on the link. If you gave your credit card information, you will need to contact your bank as soon as possible to have the card blocked (most banks have a telephone number that can be reached 24 hours a day, 7 days a week). If you gave your phone number or your email address, there is unfortunately little action to take apart from being extra vigilant, as these means of contact could be exploited by other hackers to send phishing messages.
