What do Phishing Email Attempts Look Like? Keep You Information Secure with These Tips

Jake Newby

| 4 min read

Sometimes we get so accustomed to clicking hyperlinks and attachments we receive in emails that we’re not always on guard against cyberattacks.
Recently, some Blue Cross Blue Shield of Michigan members have received emails from senders claiming to be Blue Cross and congratulating them for winning an “exclusive prize.” Specifically, some members have been falsely told they won a Medicare kit.
This type of cyberattack is known as “phishing.” Phishing is an email scam in which a hacker attempts to acquire sensitive data – such as bank account numbers, passwords and Social Security numbers –through a fraudulent solicitation in an email or on a website in which the perpetrator masquerades as a legitimate business or reputable person. In the case of this scam, a perpetrator is masquerading as Blue Cross.
The intention behind this scam is to capture a member’s personal information by tricking them into clicking on an attachment or link in the email to either claim their “award” or fill out a survey. Learn more about how to recognize this scam so you can avoid falling victim to it.

What to do if you receive a phishing email

There are quite a few indicators that reveal a suspicious email as a phishing attempt, according to the Federal Trade Commission (FTC). Here are signs that an email is a scam, per the FTC, even when it looks like it is sent by a company you know and uses that company’s logo in the header:
  • The email has a generic greeting.
  • The email says your account is on hold because of a billing problem.
  • The email invites you to click on a link to update your payment details.
A phishing e-mail typically looks to create a false sense of urgency, such as a time-based offer, or a request from a higher-up in the organization they are impersonating that urges the recipient to click hastily, so that they do not have time to consult a trusted advisor. Whenever you see a message calling for immediate action, it’d best to take a moment, pause, and look carefully at the message.
Another important marker that indicates whether an email is a scam is the email’s domain name. For example, if you receive an email claiming to come from Blue Cross, and the address linked to the sender doesn’t have “@BCBSM.com” in the email domain name, it is a scam. You can identify the authenticity of an email by placing your mouse over (without clicking) any links to view the authenticity of the website before clicking. If the website address does not match the company domain name and seems suspicious, do not click on the link. Here are other important tips to follow if you believe you are dealing with a phishing attempt:
  • Do not click any links inside the email body and do not respond to any prompts.
  • Do not reply to the email or reach out to the senders in any way.
  • Do not open any attachments that arrive with the email.
  • If you do open a website linked within the email, do not supply personal information such as your social security number, member ID or any private health information such as your current medications, chronic health conditions, etc., on that website.
  • Consider verifying the requests independently; if you receive an unusual request, verify it independently by contacting the company or individual through a known, legitimate channel.
  • Tag these emails as spam so similar messages in the future automatically land in your spam folder.
Malicious emails and text messages can be reported to federal agencies, including the FTC, at FTC.gov/Complaint. You can also report them to the Federal Communications Commission and the Federal Bureau of Investigation’s Internet Crime Complaint Center.
Members can click here for tips on creating stronger, more secure passwords, as well as common scams to be aware of. You can also learn more about how Blue Cross works to keep your information safe and secure below:
Photo credit: Getty Images
MI Blues Perspectives is sponsored by Blue Cross Blue Shield of Michigan, a nonprofit, independent licensee of the Blue Cross Blue Shield Association