Tech Tip: What NOT To Do With A Suspicious Email

Learning how to identify suspicious emails is essential to keeping your organization safe from cybercriminals. But did you know that mishandling a phishing attack could be just as dangerous as falling victim to one?

Here are some examples of what NOT to do when you receive a suspicious email:

Do not reply to the email for verification.

If you receive a suspicious email that appears to be from someone you know, you may be tempted to investigate further. Replying to the email with questions like, “Have you been hacked?” or “Is this attachment safe?” only increases the security risk. If an email account has been compromised, the person who replies back to your question probably won’t be who you expect. You could be communicating with a cybercriminal in disguise.

Do not forward the email to someone else.

The best practice is to never click a link or open an attachment that you were not expecting. But if you are fooled by a phishing email and you click a malicious link or open a malicious attachment, you may find that the link or attachment will not behave as expected. For example, after you open what appeared to be an image attachment, the file may open an installer window instead. Another example is when a malicious link redirects you to an unrelated login page.

If you see the unusual behavior of a malicious link or attachment, you may think about forwarding the email to a coworker for help. But, don’t do it! Whenever you click on a link or open an attachment, consider any unusual behavior as a red flag. Never forward unusual or suspicious emails to other users. If you forward a phishing email, you increase the risk of a security breach because it helps cybercriminals reach more potential victims.

Do not mark the email as spam.

First, let’s clarify the difference between spam and a phishing attack. Spam emails are typically annoying or unwanted advertisements. Spam is often unsolicited, but it is usually just a harmless attempt to sell you something. On the other hand, a phishing attack is a malicious email designed to look and feel like real correspondence. Phishing emails typically include a call to action such as clicking a link, opening an attachment, or even transferring money.

Marking an email as spam moves that email, and any other emails that you receive from that sender, to a different folder. This means moving a phishing email to spam would only hide the problem, not resolve it.

What should I do with a suspicious email?

The best way to handle a suspicious email is to notify your organization. If you report a suspicious email, your cybersecurity specialists can assess and mitigate the threat.

Here are some tips for reporting a suspicious email:

• Be sure to follow your organization’s process for reporting suspicious emails. Following cybersecurity protocols will help keep everyone’s information safe.

• If you don’t know how to report the email, leave it in your inbox and ask a manager or supervisor for help.

• If you’re not sure whether an email is spam or a phishing attack, report it and let the experts decide.



WellCare New Broker Portal Coming Soon – Sneak Peek on Support Ticketing System

Sourced from WellCare Broker Bulletin on 2.17.22:


We are getting close to the launch of the new Wellcare broker portal! As we wrap up the final stages of development, we would like to provide you with sneak peeks into what’s to come.

This Week’s Sneak Peek – Support Ticketing System

The ticketing system will offer several new enhancements that will provide you with better support from the Wellcare team.

As shown in the screenshot below, tickets will include the following:

  • Inquiry Type and Subtype Categorization
  • Detailed Description Related to the Inquiry
  • Ticket Status
  • Status Update Date

The search fields shown at the top make it easy to filter down to specific tickets based on Ticket Number, Status, and / or inquiry Type or Subtype.

Other features include email notifications to notify you when a ticket status has been updated, as well as a Pending Broker status to alert you the support team needs more information in order to resolve your escalation.

We encourage you to review the recently shared NEW Wellcare Broker Portal – Coming Soon! communication that provided additional information on key improvements and enhancements to support tickets, status and credential monitoring, commission statements, and dashboard reporting.

The new broker portal will be available soon! We appreciate your partnership and are excited to present you with a new tool that will aid in your success.


Remember, be on the lookout for more sneak peeks on the key features of our new broker portal!

Mutual of Omaha Reminder: OKTA Registration for SPA Deadline

REMINDER – All users of Sales Professional Access (SPA) must register for Okta prior to February 24th. We encourage agents to register for Okta immediately to avoid potential business disruption. Okta is a two-factor authentication process.

SPA login credentials cannot be shared. After successfully registering for Okta, you will continue to use the same SPA website ( as you previously have. To login, you will use your SPA username (not email address) and password.


Before registering for Okta, ensure your contact information on SPA is current. The contact information on filed will be used for authentication.


Step 1 – Verify Contact Information on SPA

  • Log on to Sales Professional Access (
  • In the upper right-hand corner, select the image of the person
  • Select “Profile”
  • Review your information
  • Update as needed your email address, mailing addresses and/or phone numbers
  • Make note of your username which is located under the PROFILE tab
  • If any changes are made, click “Update”


Step 2 – Register for Okta

  • Open a browser window and go to
  • This site is for Okta registration only and authentication management
  • Enter your SPA Username and click Next
    • If you are unsure of your username or password, click here for instructions on how to identify this information.
  • Enter SPA password and click Sign In
  • Choose a forgot password question
  • Select a security image and click Create my Account
  • A list of two-factor authentication methods (Okta verify app, text, voice and email) will appear. Select at least one method (we highly suggest two)


Step 3 – Determine if you need to add Authorized Users to your Account

  • Offices in which multiple individuals needs to access SPA will need to set up each individual as an Authorized User. SPA login credentials cannot be shared
  • To add authorized users, login to SPA
  • Select the profile image in the upper right corner and select Account Access Management
  • Add authorized users by completing the required fields. Ensure you use the correct date of birth for each user added
  • Determine the access level for each authorized user
  • Authorized users will receive an email from Mutual of Omaha. They should follow the steps in the email to complete the setup process



Lumico News: Upcoming Med Sup Rate Adjustments in Certain States

Pulled from Lumico Broker Announcement from 2/10/22:


Effective March 1, there will be a rate adjustment for Lumico’s Med Supp Plans A, F, G and N in 17 states, and basic plan and riders in Wisconsin.

This will affect existing policyholders in the following states: AL, FL, IA, KS, KY, MD, MO, ND, NM, NV, OR, PA, SD, UT, VA, WI, WV and WY.

 Communications are being sent to existing policyholders based on their upcoming rate adjustment date. We recommend agents contact their clients in these states who may be impacted.

For new sales: The rate adjustment will also be applicable to new sales in these states, with the exception of IA, ND, SD and UT. Applications with a sign off date prior to 3/1/2022 will be issued a policy with the current rates in effect for the upcoming 12-month period. Any application with a sign off date on 3/1/2022 or later will be subject to the new rates.


If you have any questions, please contact CSM’s Michelle Kapp

CMS ALERT February 3, 2022

Biden-Harris Administration Will Cover Free Over-the-Counter COVID-19 Tests Through Medicare

CMS News Alert – February 3, 2022 

CMS Developing Initiative to Enable Access to Eight Free Over-the-Counter COVID-19 Tests for Medicare Beneficiaries in Early Spring

As part of the Biden-Harris Administration’s ongoing efforts to expand Americans’ access to free testing, people in either Original Medicare or Medicare Advantage will be able to get over the-counter COVID-19 tests at no cost starting in early spring. Under the new initiative, Medicare beneficiaries will be able to access up to eight over-the-counter COVID-19 tests per month for free. Tests will be available through eligible pharmacies and other participating entities. This policy will apply to COVID-19 over-the-counter tests approved or authorized by the U.S. Food and Drug Administration (FDA).

This is the first time that Medicare has covered an over-the-counter test at no cost to beneficiaries. There are a number of issues that have made it difficult to cover and pay for over the-counter COVID-19 tests. However, given the importance of expanding access to testing, CMS has identified a pathway that will expand access to free over-the-counter testing for Medicare beneficiaries. This new initiative will enable payment from Medicare directly to participating pharmacies and other participating entities to allow Medicare beneficiaries to pick up tests at no cost. CMS anticipates that this option will be available to people with Medicare in the early spring.


Until then, people with Medicare can access free tests through a number of channels established by the Biden-Harris Administration. Medicare beneficiaries can:

  • Request four free over-the-counter tests for home delivery at
  • Access COVID-19 tests through healthcare providers at over 20,000 free testing sites nationwide. A list of community-based testing sites can be found here.
  • Access lab-based PCR tests and antigen tests performed by a laboratory when the test is ordered by a physician, non-physician practitioner, pharmacist, or other authorized health care professional at no cost. In addition to accessing a COVID-19 lab test ordered by a health care professional, people with Medicare can also already access one lab-performed test without an order, also without cost sharing, during the public health emergency.

In addition:

  • Medicare Advantage plans may offer coverage and payment for over-the-counter COVID-19 tests as a supplemental benefit in addition to covering Medicare Part A and Part B benefits, so Medicare beneficiaries covered by Medicare Advantage should check with their plan to see if it includes such a benefit.
  • All Medicare beneficiaries with Part B are eligible for the new benefit, whether enrolled in a Medicare Advantage plan or not.

For more information, please see these Frequently Asked Questions,

Tech Tip: Cybersecurity Myths, Busted!

Security Hints & Tips: Cybersecurity Myths – BUSTED!

It’s time for a pop quiz: Which of the following is a myth?

  1. Only people in high-power positions are targets of cybersecurity attacks.
  2. High-tech hackers pose the highest threat to your organization.
  3. Cybersecurity is a highly technical process that only your IT department can handle.
  4. Security awareness only really matters when you’re at work.
  5. Smart devices are rarely targeted by cybercriminals.

Did you find the myth? Hopefully you did, because this was a trick question! Each of these is a common cybersecurity myth. Read on to learn the truth behind these misconceptions:

Myth #1: Only people in high-power positions are targets of cybersecurity attacks.
Executives and administrators are prime targets for cybercriminals, but that doesn’t mean they’re the only targets. Scammers attack every level of an organization, looking for gaps in security. After all, it only takes one hacked machine to access your entire network.

Myth #2: High-tech hackers pose the highest threat to your organization.
You may imagine a cyberattack as the use of highly sophisticated technology to break down firewalls and decode user passwords. But in truth, it is much more likely that Dave wrote his password on a sticky note and it fell into the wrong hands. Human error is an easy target for cybercriminals, so stay alert!

Myth #3: Cybersecurity is a highly technical process that only your IT department can handle.
The security tools that your IT department manages are important, but technology can only do so much. These security measures can’t stop an employee from sending sensitive information within an email. Creating a human firewall, made up of each and every employee, is essential to the security of your organization. Security is everyone’s responsibility.

Myth #4: Security awareness only really matters when you’re at work.
Your organization’s at-work policies and compliance regulations may not be necessary in your home life, but security awareness still matters. Scammers could phish your personal email for bank accounts, login credentials, or even personally identifiable information, which can be used to perform identity theft.

Myth #5: Smart devices are rarely targeted by cybercriminals.
Nearly everyone has a smartphone and many people use smart devices throughout their homes. From smart speakers to security cameras to lightbulbs, all of these gadgets connect to the internet. As these devices become the norm, cybercriminals happily accommodate. Treat smart devices the same way you would treat any other computer. Always use strong passwords, install antivirus and anti-malware software, and keep these devices up-to-date with the latest security patches.

WellCare: 2021 Year End Tax Statement Information

Sourced from WellCare Broker Bulletin from 2/1/22: 


We want to inform you that 1099 Year End Tax Statements were mailed to the shipping address on file as of January 31, 2022. To receive a 1099 Statement for tax year 2021, the broker or agency must have received $600 or more from Centene (Comprehensive Health Management).

If you have not received a 1099 Statement by February 14, 2022 or have questions about the statement you received, please submit a support ticket in Agent Connect, which can be accessed through the Single Sign-On Portal.

Please refer to page 38 of the 2021 Agent Connect User Guide for instructions on creating a support ticket.


If you have any questions, please consulate your CSM representative here –