158
submitted 3 weeks ago* (last edited 2 weeks ago) by FlyingSquid@lemmy.world to c/mildlyinfuriating@lemmy.world

I got a voicemail from the Kroger pharmacist who told me to call her back. It was definitely the Kroger pharmacy number because I've had to call it before, so that was not part of the scam.

However, some scammer who knew who my health insurance company was (I get it through my wife, which adds to the creepiness here) tried to get my personal health data from the Kroger pharmacy. They asked for personal info and the pharmacist said she wouldn’t give it to them but would have me call them back.

She told me all of this when I called her to find out what was up. She gave me the number and the first thing I did was look it up to see if it was legitimate because that just sounded off to me.

Sure enough, the first link that came up was a Facebook post (Why Facebook as the first link in the search? No idea.) warning about that number specifically scamming people by pretending to be my insurance company, followed by other links on other websites talking about it being a scammer source, and not just for health insurance scamming.

They've also somehow fucked with the SEO because in between those were legitimate links to my health insurance company, but that phone number is not on the pages.

I feel really bad for anyone who falls for this, because it was clearly just legitimate enough for the pharmacist to not suggest to me that I should be careful about being scammed. I know exactly who I talked to and she's a cool lady, so I'm pretty sure she would have if she was sure enough.

Update if anyone is still around: Contacted the state pharmacy board and also went to the local pharmacy and told them about it. I couldn't figure out the right people to get in touch with at the FBI, but I have a feeling I'm going to have to contact the state attorney general next and ick.

top 35 comments
[-] zaph@sh.itjust.works 70 points 3 weeks ago

Sounds like your insurance company has a data leak problem

[-] w3dd1e@lemm.ee 24 points 3 weeks ago* (last edited 3 weeks ago)

UnitedHealth had a massive ransomware attack in Feb and millions of people got their data leaked.

[-] LordCrom@lemmy.world 13 points 3 weeks ago

Not just them. I've gotten 3 letters from providers saying data was stolen and 1 from my ins company saying the same.

It's a wonder we even try to keep this shit safe anymore where every company with underpaid or incompetent IT/security holds our data.

[-] Infynis@midwest.social 6 points 3 weeks ago

I was recently in college for IT, and my professors said a couple of times that it's best practice just to assume that all of your info has already been stolen

[-] seang96@spgrn.com 4 points 3 weeks ago

I try to protect it but apparently I got a report that my social got stolen recently. Health insurance sucks, we keep getting massive increases in costs, then swap providers, then my data is stored in more and more systems waiting to be breached.

[-] LordCrom@lemmy.world 3 points 2 weeks ago

Hell, my company switches 401k providers every year, another company now gets all my info or I lose my 401k and I have no choice

[-] FlyingSquid@lemmy.world 18 points 3 weeks ago

Probably. Sadly, they're one of the biggest in the U.S. and I don't get to choose.

[-] possiblylinux127@lemmy.zip 13 points 3 weeks ago

They are required to meet HIPAA. If they aren't, make a storm of it and report them.

[-] Fermion@feddit.nl 7 points 3 weeks ago

I've received more healthcare provider PII leak letters in the last couple years than the number of appointments I've had. Everyone is so eager to come up with some shiny new software to sell in the healthcare gold rush, but so many of them are absolutely terrible at security.

[-] jewbacca117@lemmy.world 3 points 3 weeks ago

My guess is it's from the Change Healthcare breach back in Feb.

[-] sgibson5150@slrpnk.net 28 points 3 weeks ago

Someone emailed my boss a while back pretending to be me. Asked that my direct deposit be changed. Boss told me he nearly sent it to the accountant but decided he should double check with me first. People are assholes.

[-] socphoenix@midwest.social 28 points 3 weeks ago

One of the best pieces of anti-scam advice I was ever given was to always call the number I knew was valid, like the one on my insurance card in this instance, and verify that way.

[-] possiblylinux127@lemmy.zip 4 points 3 weeks ago

That's part of HIPAA I believe

[-] athairmor@lemmy.world 16 points 3 weeks ago

HIPAA is about disclosure of personal medical details not about what phone numbers to call.

[-] possiblylinux127@lemmy.zip 3 points 3 weeks ago

That's not really correct. HIPAA is a set of requirements that governs everything that touches HIPAA protected data.

[-] orclev@lemmy.world 9 points 3 weeks ago

It's also just a good policy in general. Anytime you receive a communication that's prompting you to do something that you weren't expecting to receive you should ignore any links, phone numbers, replies, etc. in that communication and instead reach out using a known good mechanism. Doing that one thing stops the overwhelming majority of scams in their tracks.

[-] possiblylinux127@lemmy.zip 22 points 3 weeks ago

Report this to the authorities. The pharmacy should also report it and do an investigation.

The FBI would be happy to look into this. Chances are you are not the only victim.

[-] FlyingSquid@lemmy.world 11 points 3 weeks ago

That's a good idea. Any idea who I should report it to specifically? Like is there a certain department I need to talk to?

[-] jordanlund@lemmy.world 12 points 3 weeks ago

I'd also hit up your state pharmacy board.

Your pharmacy did the right thing by not revealing information and calling you; other pharmacies likely aren't that smart.

[-] FlyingSquid@lemmy.world 7 points 3 weeks ago

Good idea. Thanks.

[-] ininewcrow@lemmy.ca 17 points 3 weeks ago

Don't feel bad about it.

About three years ago I got a call from my credit card company asking me if I had booked a first class flight from New York to Milan for $2,000 and reserved a five star hotel in Italy for $1,000 a night, plus a few other hundred dollar charges of other things.

I have travelled overseas before but I'm a budget traveller and I wouldn't spend money like that ... plus my travelling days were basically over anyway ... plus I don't live, work or go near New York city, I'm in northern Ontario, Canada!

I cancelled the card immediately and started looking back on what I had done that led to this. The only thing I could point to was that about a month or two before, I had been playing around with a bunch of phone apps and a few Chinese face filter apps I had experimented with and had signed up to trial subscriptions without knowing it which gave my credit card information through Google Play. I'm very careful with my credit card and apply every security feature that is given but that one slip up gave me away. I now layer Google Play purchases behind PayPal tagged to a limited credit card to just that account and with all security, two-factor authentication I can apply on everything.

As security minded as all this can be, all security professionals agree that the weakest link to any secure system are the fallible humans (and I'm one of them) who operate this stuff.

[-] Beacon@fedia.io 8 points 3 weeks ago

I'm somewhat sure that when you pay for a subscription through the Play Store that it doesn't send your full credit card information to any 3rd party, it's Google itself that does the credit card transaction

[-] ininewcrow@lemmy.ca 7 points 3 weeks ago

You are partly right ... but if you sign up to a service to some of these dumb apps, they will redirect you to different sources to verify a purchase (whether it is legitimate or not). At the time, I was having a bunch of silly fun with my nieces and nephews fooling around with a new phone and finding new apps to play with. I think I got too carried away and wanted to get something to work without being careful enough.

The fun part was in finding some dumb face filter app that turned my big brown brooding middle aged male Indigenous face into a beautiful petite Asian princess that could talk and chat with my nieces and nephews. That was an expensive bit of fun that I paid for later.

[-] Beacon@fedia.io 2 points 2 weeks ago

FYI the word for nieces and nephews is niblings. That way you can just say a single word

[-] SnotFlickerman@lemmy.blahaj.zone 15 points 3 weeks ago

Scams are getting pretty wild out there, and pretty convoluted.

Thanks for the heads up for this type of scam, in particular.

[-] jewbacca117@lemmy.world 12 points 3 weeks ago

Change Healthcare just announced data for 100 million people was stolen when they got breached back in Feb. They handle all kinds of pharmacy stuff so I imagine this will happen a lot here on out.

[-] FenrirIII@lemmy.world 7 points 2 weeks ago

My wife and I have had our data breached 2-3 times per year. We just got a notice of a lien against my wife because someone used her info to fraudulently file a lien and the dipshit county in a state we don't live in granted it. This has gone too far.

[-] FlyingSquid@lemmy.world 2 points 2 weeks ago

Very much so.

I went over to the pharmacy this morning and gave them info and am working on contacting others. This needs to be stopped somehow.

[-] irotsoma@lemmy.world 5 points 2 weeks ago

Blame Change Healthcare (owned by United Healthcare) and be ready for many more scammers who know your medical history.

[-] FlyingSquid@lemmy.world 2 points 2 weeks ago

Lovely. Sigh.

[-] NutinButNet@hilariouschaos.com 4 points 3 weeks ago

Scammers are crafty assholes.

Your health insurance information may have been leaked. There’s been a ton of data leaks as of recent and it’s not unlikely that a list of health insurance providers and their customers are on the dark web somewhere and this is where they got that information about you.

Worse about these data leaks is that a lot of the ones being announced happened months ago, so it’s likely we still have some leaks that haven’t yet made it to the news to let people know their information is out there.

Getting your health data from the pharmacy may have just been the next step in their plan of getting to you to trick you into giving up money, or somehow using your information to do something illegal.

this post was submitted on 25 Oct 2024