Phishing

Health insurance: protect against scams and fraudulent messages

Publié le 09 février 2024 - Directorate for Legal and Administrative Information (Prime Minister)

E-mails, SMS, telephone calls... attempts at fraud can come in different forms. How do I recognize malicious solicitations? The Health Insurance reminds us of the essential safety advice.

Image 1
Image 1Crédits: carballo - stock.adobe.com

This information campaign by the Health Insurance to identify fraudulent messages comes at a time when a cyber-attack has just hit two third-party management operators. More than 33 million people are affected by the personal data leak caused by this hack.

The National Commission for Informatics and Freedoms (Cnil) states that operators must inform all their members affected by this data breach “individually and directly”, in accordance with the General Data Protection Regulation (GDPR).

Please note

the council advises to be “careful about any solicitations you may receive, especially if they relate to reimbursement of health expenses” and to “check periodically the activities and movements on your various accounts”.

FYI  

The Ministry of Interior has set up an online complaint form following the cyber-attack. There is no need to travel to a police station or gendarmerie brigade.

You can download the complaint letter form and send it via France Transfer or by post.

What reflex for which solicitation?

With the growth of online services and improved deception techniques, it has sometimes become difficult to distinguish a true message from an attempted scam. How do you deal with each situation?

In front of an e-mail message

  • Verify the sender's address, even if it looks like an official website.
  • Pay attention to spelling and the turn of sentences. Spelling mistakes, random punctuation must catch your eye.
  • Do not open attachments.
  • Never share confidential information : login credentials, social security number, bank details, etc.
  • Do not click on links contained in messages.
  • In case of doubt and before taking action, check with the body to see if this is a real message. When you make a call, hang up and call back. You will find an official number on search engines or through your usual means of access (through your application, a web browser, etc.).

Warning  

Health Insurance emails never include an attachment; Health Insurance never asks for the tax number or the connection identifiers of the insured.

In case of doubt about a message, it is better to go through the messaging of your friendly account.

In case of phone call or SMS

If you receive a call or text message from an unknown source: do not answer if you are asked to provide your personal and/or banking data and credentials.

On access to services on the Internet

It is recommended that you change your login passwords regularly, directly at the relevant site, and use a complex combination. It is also recommended that you enable two-factor authentication (2FA) when possible.

Please note

for ameli, the password change is made at this address: https://ameliconnect.ameli.fr

How do I report a scam attempt?

Reporting a fraudulent message helps limit the number of people who are scammed. Reporting can be done in several ways:

  • if it is a text message: on 33700.fr or directly by SMS at 33 700;
  • if this is a phishing attempt: on Phishing initiative ;
  • if the message is illegal: on the government platform Pharos.

If you are a victim of fraud, you can file a complaint with the police station or the gendarmerie brigade. Keep the evidence in your possession.

You can also contact Info Scams on 0 805 805 817, Monday to Friday from 9 am to 6:30 pm (free call from the UK).

Please note

the association France Victimes can accompany you in your complaint, by calling 116 006 (call and free service). This service is available 7 days a week, from 9 am to 7 pm.

What is phishing?

Phishing (or phishing, in English) is a scam that takes place on the internet. A person reports for a false identity and attempts to steal sensitive data, such as your password, account number or bank details.

Crooks often pretend to be an organization that you are familiar with, such as your bank, health insurance, tax department, service and payment agency, etc.

In recent years, attempts to retrieve personal data have not been limited to internet messages: victims receive calls or text messages directly on their phones.

Additional topics

Agenda