Very sneaky phishing call (?)

I almost put this in GQ, but I’m 99% sure it’s a scam.

Mr. S and I just changed our health insurance on July 1 to Humana through his employer (State of Wisconsin, yee-haw!). We have all of our cards, and I’ve even already ordered and received a prescription through the mail-order service. All appears well.

So today the phone rings, “Unknown Name / Unknown Number,” so I let it ring. (I <heart> Caller ID.) The machine picks up and I hear a recorded message saying it’s Humana calling for Mr. S (first name as part of the recording, last name spliced in as spoken by a real human). They want to verify that they have our correct coverage information. <bells go off in my head> They give a toll-free number, thank me for choosing Humana, and wish me a nice day.

Hm, well, they did have the correct first and last name, and we did just switch. But my tingling spidey-scam sense says, shouldn’t they have the right info already?

Just for shits and giggles, I Google the number. Only 5 hits, all lists of those “reported numbers.” There are no comments, as when people report what sort of calls they get from these problem numbers. I check the Humana Web site and my cards, and the number isn’t there.

If it’s a scam, it’s a damned good one. I can see how some sucker could be taken in.

If it’s legitimate, then Humana is a bunch of damned idiots. Because there’s no way I’m calling that number. (Although I’m just a tiny bit tempted, just to see what they ask.)

If it is a scam, they either have really good timing or an inside connection to Humana.

Let’s see…a computerized calling gadget calls 100K numbers per day and says to each, “We’d like to verify your Humana information…”

Nah, no way they could randomly connect with a Humana customer.

See, that’s what I’m thinking, is maybe a hack into their database or something. And why does that number only show up on the “scam” lists?

I may call the legitimate Humana number and ask what’s up.

One time we got a similar call from our insurance agent’s assistant, who we’d never talked to or even heard of. He wanted to see if we were interested in bundling up our home and auto policies for a discount, and he wanted to give us a free quote. I said sure, why not . . . and then he asked for our SSNs. Nope, no way, buddy. I e-mailed the agent, and it turned out to be a legit call, but I advised him that that was a really dumb way to go about it.

Musicat: They did have the right name . . . but then again, it’s the one on the phone account. :dubious: Another strike.

If you’re not worried about people being able to find you in the phone book, you can call the phone company (at least you can Verizon) and have them list your name differently. I had them list me as <middle name> <last name>, because I don’t use my middle name anywhere else. Now if I get a call or letter to <middle name> <last name>, then I know they just got my name from the phone listings.

I opt for “call Humana directly.”

Not so (as Musicat already said). I get phishing emails to “<insert name of my bank here> Customer” at least once a week. Makes you wonder, right? These guys know what bank I use!

Except that I also get emails to “Citibank customer” and “Bank of America customer” and about two dozen other banks. It’s just phishing.

Yabbut, do those include your first and last name? The ones I’ve seen usually just say “Dear customer.”

Emails generally don’t include my name, or they use the part of my email address before the “@”.

Of course, it’s different on the telephone. If they are using a directory database, they have the name to go with the number – and possibly even the address.

Yeah, I use “lists @” for some of my e-mail lists . . . so of course I get spam that says “We got you on video naked, lists” and similar malarkey.

I get those at work to,
We got you on video naked, Sales
You really look stupid, customerservice

I’d report it to Humana. It could be a coincidence, but it could be a security breach. Of course, your report may not get anywhere because they’ve never given the CSR’s a script for how to deal with reports of attacks. Still it couldn’t hurt.

As a side note, my bank once hired an outside firm to email their customers with various offers (loans, etc.). I was suspicious since none of the emails or URLs had the bank’s name in it even tho they used the official logo.

And some text was misspelled, another red flag.

Nevertheless, the bank verified that they were legitimate. I strongly suggested that this was an incredibly boneheaded thing to do, and I never got any more. Either they changed their ways or they removed me from the mailing lists.

Large companies outsource this sort of follow up grunt work to outside agencies & calling centers all he time. The likelihood of it being a phishing call is small given the way you described it.

Virgin Mobile in the UK had a debt collection agency onto me once (I changed bank account and they messed up the transferred direct debit). They had outsourced this to an Indian call center, that began each call with “Hello this is Virgin Mobile please give me your date of birth.” To which I repeatedly said “no way”.

Eventually I googled the number, got the name of the agency, and then rang Virgin to confirm all the details, but seriously, what a dumb thing for a legitimate operation to be doing.

Well, I just called Humana and played the message for the CSR (who, luckily, was an actual person and not a script-reading drone), and she agreed that it sounded odd and that if it was for Humana, it was a dumb way to go about it. She did say that they call people every 6 months to verify that they haven’t acquired other insurance (such as Medicare). She took care of that for me, and then she called the suspicious number just to see what happened, and she said the automated system they had didn’t sound like anything she was familiar with. She’s going to kick it upstairs to her supervisor.

As far as I’m concerned, that takes care of it. But I’ll be interested to see if Humana calls back with further info.