Medicare warns that fraudulent attempts to extract personal and confidential information from its affiliates are intensifying. If you receive a message from the CNAM, be careful before answering. Here’s why.
Have you received an email from Medicare asking for your social security number, your bank details or medical information? This is probably a case of “phishing”. What is that ?
“Phishing” or phishing in French is a fraudulent method consisting in impersonating an official organization or a legitimate company via email or text message in order to obtain confidential information “such as the bank card number, under the pretext of receive a reimbursement for treatment or to pay shipping costs for the sending of a new Vitale card”. The objective: to use this data to steal money or usurp the identity of the targeted person. And this phenomenon occurs in “campaigns”, according to the public body, which warns the insured.
No personal data
But “Medicare never asks for the transmission, by email or SMS, of personal elements (bank details, medical information, social security number, or password)”, she continues.
A novelty is added to the list of phishing-type techniques: “fraudulent calls and messages relating to the new digital service My health space (…) claim to want to “help create My health space” by asking in particular to enter the identifiers “France Connect” to access the digital service”, indicates the CNAM. In this case, “the risks of identity theft are high and can affect different services in the event of transmission of information (taxes, etc.)”. Better to be very vigilant when opening emails.
Finally, “only exchanges of information via the ameli account are secure”, concludes the organization. And to make sure that an email comes from the CNAM, just “position the mouse cursor on the link, without clicking on it, in order to display the address”. If it is not assurance- firstname.lastname@example.org, you are the subject of a phishing attempt.
To note : in some cases, to secure the calls, the Medicare advisers may ask for some of the bank details, but never all of them, and never any password, even a temporary one.