TECH TIP: Scam of the Week: Email Impersonation Attacks on the Rise

Technology Tip – Scam of the Week: Email Impersonation Attacks on the Rise

Stay alert! The bad guys are now using CEO fraud and Business Email Compromise attacks more than ever.

These attacks take place when the bad guys impersonate executives within your organization via email and ask you to transfer them a large sum of money. They’re trying to manipulate you – don’t fall for it!

Instead, make sure that any request for a money transfer comes from the right person! Grab the phone and give them a call to verify that the request is legitimate. Better yet, communicate with them face-to-face about the request. They’ll thank you later!

 

Let’s stay safe out there!

IMPORTANT UPDATE: MedicareAPP Scope of Appointment

New in 2021: MedicareAPP can be used to capture electronic Scope of Appointments (SOA’s) for 2021.  This year you brokers have the option to either Text or Email the SOA to their clients.

Important: After an SOA is submitted by the beneficiary the broker must acknowledge the SOA disclosure statement and electronically sign the form in order for the SOA to be deemed successfully completed in the system.

*VIEW THE MEDICAREAPP SOA PROCESS GUIDE FOR MORE INFORMATION*

CSM Tech Tip: Email Body Red Flags

Technology Tip – Social Engineering Red Flag: ​Email Body

The prevalence of phishing scams is at an all-time high. Because you are the key to preventing a cyberattack within your organization, it is important to question the legitimacy of every email you receive. Below is a list of questions to ask yourself ​about the content and body of the email ​that may help you realize that you are being phished.

​​Review the content of the email.

  • ​​Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors?
  • Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
  • Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?

If you notice anything about the email that alarms you, do not click links, open attachments, or reply. You are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to phishing attacks.

Let’s stay safe out there!

Tech Tip: WiFi vs. VPN

Technology Tip – WiFi? Why Not? VPN is your friend

 

Using free public WiFi at a coffee shop or airport hot spot is great for convenience, but bad for security.
Most free access points do not make use of encryption. This is done for convenience and ease of access. If every person had to ask the barista or gate attendant for the WiFi key, it would get unruly, and no actual work would get done.
Keep in mind that you are sharing those wireless airwaves with anyone that is within range of your wireless communications.

There is technology out there that allows you to view the wireless computer communications that are within range of your device.
To the bad guys, this technology lets them see what you are doing, the data you are passing to websites, and your usernames and passwords.

UNLESS

  • You are on websites with ‘https’ … the little S is for secure. Its like speaking a language that only two people can understand (your computer, and the website).
  • You are using VPN software to encrypt all your wireless communications
  • You are using a wireless device from your cellular phone provider, 3G or 4G network access… This is not WiFi, and is not subject to WiFi Security Policies

Using a VPN client to encrypt and route your wireless communications allows you to create a secure channel for your computer to communicate.
Even if you are accessing a website without HTTPS, your communication to that website is secured through your VPN connection. If there are any bad guys around you listening in on your wifi traffic, it will be safe.

VPN stands for Virtual Private Network. It is good practice to use a VPN when in a public networking spot such as wifi hot spots. This will create a virtual tunnel for your computer to communicate securely through the public network.

Before traveling for work, consult with your IT department about their data security policies when on the road, how to setup your VPN connection (if your company has VPN access), or how to obtain a 3G/4G cellular network card.

 

Let’s stay safe out there!

CSM AGENT COMPLIANCE GUIDES

Cornerstone Senior Marketing Agent Compliance Guide

Best Practices in Medicare Compliance (2020):  Access the Guide

Agent Medicare Marketing Guidelines:  Access the Guide

Agent Life Annuity Marketing Guides:  Access the Guide

 

Aetna’s Remote Selling Tools & Resources

AETNA PDF ENROLLMENT KITS (AND APPLICATIONS) NOW AVAILABLE FOR DOWNLOAD:

Aetna has made their entire enrollment kit available for agents to download, which also includes a PDF version of the enrollment application.

Agents can find the PDF kits in the broker ordering module (access from Producer World, like normal). Same process as ordering kits, but there’s a link to view the kit, which is now a PDF that can be downloaded.

 

REMOTE SELLING TOOLS PDF

2020 PHONE FROM HOME TELEPHONIC OPTION PDF

Humana’s SEP Notice for Individuals affected by COVID-19

2020 Compliance Communication: SEP Notice for Individuals Affected by Covid-19

CMS has officially announced an SEP is available for individuals affected by Covid-19. This SEP is available nationwide to residents of all states, tribes, territories, and the District of Columbia. The SEP can be used until June 30, 2020 under the following circumstances.

Who qualifies for this special enrollment period?

A SEP exists for individuals affected by a major disaster who were unable to, and did not make an election during another valid election period. This includes both enrollment and disenrollment elections. Individuals will be considered “affected” and eligible for this SEP if they:

  • Reside, or resided at the start of the incident period, in an area for which FEMA has declared an emergency or a major disaster and has designated affected counties as eligible to apply for individual or public level assistance; and
  • Had another valid election period at the time of the incident period; and
  • Did not make an election during that other valid election period.

In addition, the SEP is available to those individuals who don’t live in the affected areas but rely on help making healthcare decisions from friends or family members who live in the affected areas.

Nationwide Covid-19 SEP – SEP Start Date March 1, 2020

SEP End Date – June 30, 2020

What Does This Mean to Agents

If an individual wants to enroll and believes they may qualify for this SEP, agents should:

  • Confirm that they had another election period available during the time of the incident period.
  • Once eligibility has been verified, use election code SEP DST on the application.

Enrollments made pursuant to this SEP are effective the first of the month following the receipt of the enrollment request. For enrollment requests where more than one enrollment effective date is possible, agents will need to determine the applicant’s desired effective date.

The Disaster SEP should never be used as a marketing tool to promote MA or PDP sales. Agents should not be actively marketing this SEP, but rather, should be aware that it is available in case they are approached by someone who believes they have missed an election period due to the incident.

Compliance Communication From Humana

Humana has been notified of two issues with Medicare Plan Finder on Medicare.gov.  These are not limited to Humana plans and appears to impact other carriers as well.  Humana has notified CMS of the issue and are awaiting their response.  The issues are related to mail order pharmacies not displaying correctly on the Medicare Plan Finder’s newly redesigned website:

  1. Medicare.gov is not providing preferred mail order pricing or giving an option to view the preferred mail order pricing when beneficiaries click “Review Plan Details”.
  2. When a beneficiary selects that they use both retail and mail order pharmacies, mail order pharmacies do not appear in the results.

In the meantime, Humana is asking agents and prospective members to use Humana’s Rx Calculator tool for mail order pricing information found at the following URL’s:

Agent: https://drug-pricing.apps.cf.humana.com/

Prospective member: www.humana.com/medicaredrugcosts

Tech Tip: Hovering Over Links

How can you tell if an email is safe? Even if you catch red flags in an email, such as typos or poor grammar, an urgent demeanor, or even a spoofed domain, how can you truly decipher the safety of an email?

An immediate step you can take is to watch out for one of the most critical tell-tale signs of a phishing email—a mismatched or fake URL.

Why is hovering important? What can it do for you?
Hovering not only allows you a moment to think before proceeding, it allows you the opportunity to see where a link is going to redirect you. This is especially important because not all links lead to where they appear, or insinuate they’ll go.

When you hover, check for the following to ensure you’re staying safe and secure:

  • If the email appears to be coming from a company, does the hover link match the website of the sender?
  • Does link have a misspelling of a well-known website (Such as Micorsoft.com)?
  • Does the link redirect to a suspicious external domain appearing to look like the sender’s domain(i.e., micorsoft-support.com rather than microsoft.com)?
  • Does the hover link show a URL that does not match where the context of the email claims it will take you?
  • Do you recognize the link’s address or did you even expect to receive the link?
  • Did you receive a blank email with long hyperlinks and no further information or context?

If you notice anything about the email that alarms you, do not click links, open attachments, or even reply. If everything seems okay, but you’re still not sure–verify! Ask your IT team or leadership if the email is legitimate before proceeding.

Remember, you are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to an attack.

 

Let’s stay safe out there!

NAIC Phishing Scam Alert: Please Read!

Cornerstone Senior Marketing would like to inform you of a phishing email scam that is being addressed by the National Association of Insurance Commissioners. The scam is targeting insurance producers regarding a falsified insurance claim related to their company that has been submitted to the National Association of Insurance Commissioners (NAIC).

Full statement taken from NAIC’s Website:

We are aware of a phishing scam targeting insurance producers regarding a falsified insurance claim related to their company that has been submitted to the National Association of Insurance Commissioners. This fraudulent email displays the NAIC and CIPR logo , can originate from a gmail account and asks the recipient to click on a link to download the complaint notification. 

Certain anti-virus products will detect this is a malicious email, but if you receive a similar email and have any concerns contact the NAIC Service Desk at 816.783.8500 or help@naic.org.

 

View sample email from an actual broker

 

If you have any questions or concerns, contact your Cornerstone Senior Marketing Sales representative.