I got a voicemail from the Kroger pharmacist who told me to call her back. It was definitely the Kroger pharmacy number because I’ve had to call it before, so that was not part of the scam.
However, some scammer who knew who my health insurance company was (I get it through my wife, which ads to the creepiness here) tried to get my personal health data from the Kroger pharmacy. They asked for personal info and the pharmacist said she wouldn’t give it to them but would have me call them back.
She told me all of this when I called her to find out what was up. She gave me the number and the first thing I did was look it up to see if it was legitimate because that just sounded off to me.
Sure enough, the first link that came up was a Facebook post (Why Facebook as the first link in the search? No idea.) warning about that number specifically scamming people by pretending to be my insurance company, followed by other links on other websites talking about it being a scammer source, and not just just for health insurance scamming.
They’ve also somehow fucked with the SEO because in between those were legitimate links to my health insurance company, but that phone number is not on the pages.
I feel really bad for anyone who falls for this, because it was clearly just legitimate enough for the pharmacist to not suggest to me that I should be careful about being scammed. I know exactly who I talked to and she’s a cool lady, so I’m pretty sure she would have if she was sure enough.
Update if anyone is still around: Contacted the state pharmacy board and also went to the local pharmacy and told them about it. I couldn’t figure out the right people to get in touch with at the FBI, but I have a feeling I’m going to have to contact the state attorney general next and ick.
Sounds like your insurance company has a data leak problem
UnitedHealth had a massive ransomware attack in Feb and millions of people got their data leaked.
Not just them. I’ve gotten 3 letters from providers saying data was stolen and 1 from my ins company saying the same.
It’s a wonder we even try to keep this shit safe anymore where every company with underpaid or incompetent IT/security hold our data.
I was recently in college for IT, and my professors said a couple of times that it’s best practice just to assume that all of your info has already been stolen
Probably. Sadly, they’re one of the biggest in the U.S. and I don’t get to choose.
My guess it’s from the Change Healthcare breach back in Feb.
Someone emailed my boss a while back pretending to be me. Asked that my direct deposit be changed. Boss told me he nearly sent it to the accountant but decided he should double check with me first. People are assholes.
One of the best anti-scam advice I was ever given was to always call the number I knew was valid like the one on my insurance card in this instance and verify that way.
Don’t feel bad about it.
About three years ago I got a call from my credit card company asking me if I had booked a first class flight from New York to Milan for $2,000 and reserved a five star hotel in Italy for $1,000 a night, plus a few other hundred dollar charges of other things.
I have travelled overseas before but I’m a budget traveller and I wouldn’t spend money like that … plus my travelling days were basically over anyway … plus I don’t live, work or go near New York city, I’m in northern Ontario, Canada!
I cancelled the card immediately and started looking back on what I had done that led to this. The only thing I could point to was that about a month or two before, I had been playing around with a bunch of phone apps and a few Chinese face filter apps I had experimented with and had signed up to trial subscriptions without knowing it which gave my credit card information through Google Play. I’m very careful with my credit card and apply every security feature that is given but that one slip up gave me away. I now layer Google play purchases behind Pay Pal tagged to a limited Credit Card to just that account and with all security, two factor authentication I can apply on everything.
As security minded as all this can be, all security professionals agree that the weakest link to any secure system are the fallible humans (and I’m one of them) who operate this stuff.
Removed by mod
My wife and I have had our data breached 2-3 times per year. We just got a notice of a lien against my wife because someone used her info to fraudulently file a lien and the dipshit county in a state we don’t live in granted it. This has gone too far.
Very much so.
I went over to the pharmacy this morning and gave them info and am working on contacting others. This needs to be stopped somehow.
Change Healthcare just announced data for 100 million people was stolen when they got breached back in Feb. They handle all kinds of pharmacy stuff so I imagine this will happen a lot here on out.
Blame ChangeHealthcare (owned by United Healthcare) and be ready for many more scammers who know your medical history.
Lovely. Sigh.
