Health insurance: protect against scams and fraudulent messages

This information campaign by the Health Insurance to identify fraudulent messages comes at a time when a cyber-attack has just hit two third-party management operators. More than 33 million people are affected by the personal data leak caused by this hack.

The National Commission for Informatics and Freedoms (Cnil) states that operators must inform all their members affected by this data breach “individually and directly”, in accordance with the General Data Protection Regulation (GDPR).

What reflex for which solicitation?

With the growth of online services and improved deception techniques, it has sometimes become difficult to distinguish a true message from an attempted scam. How do you deal with each situation?

In front of an e-mail message

• Verify the sender's address, even if it looks like an official website.
• Pay attention to spelling and the turn of sentences. Spelling mistakes, random punctuation must catch your eye.
• Do not open attachments.
• Never share confidential information : login credentials, social security number, bank details, etc.
• Do not click on links contained in messages.
• In case of doubt and before taking action, check with the body to see if this is a real message. When you make a call, hang up and call back. You will find an official number on search engines or through your usual means of access (through your application, a web browser, etc.).

In case of phone call or SMS

If you receive a call or text message from an unknown source: do not answer if you are asked to provide your personal and/or banking data and credentials.

On access to services on the Internet

It is recommended that you change your login passwords regularly, directly at the relevant site, and use a complex combination. It is also recommended that you enable two-factor authentication (2FA) when possible.

How do I report a scam attempt?

Reporting a fraudulent message helps limit the number of people who are scammed. Reporting can be done in several ways:

• if it is a text message: on 33700.fr or directly by SMS at 33 700;
• if this is a phishing attempt: on Phishing initiative ;
• if the message is illegal: on the government platform Pharos.

If you are a victim of fraud, you can file a complaint with the police station or the gendarmerie brigade. Keep the evidence in your possession.

You can also contact Info Scams on 0 805 805 817, Monday to Friday from 9 am to 6:30 pm (free call from the UK).

What is phishing?

Phishing (or phishing, in English) is a scam that takes place on the internet. A person reports for a false identity and attempts to steal sensitive data, such as your password, account number or bank details.

Crooks often pretend to be an organization that you are familiar with, such as your bank, health insurance, tax department, service and payment agency, etc.

In recent years, attempts to retrieve personal data have not been limited to internet messages: victims receive calls or text messages directly on their phones.