In a campaign designed to steal sensitive information and funds, fraudulent organizations have been impersonating the Missouri Medicaid Audit and Compliance Unit in emails, according to an alert from the Missouri Department of Social Services.
MMAC has reported an increase in cybersecurity threats specifically targeting health care organizations, including Medicaid providers.
The threats have been appearing in fraudulent emails that falsely claim that an individual's provider account is subject to "arrest and closure" unless a late "account fee" is paid, according to the release.
MMAC said these messages are not legitimate and are a part of a phishing campaign. Phishing is where fraudsters falsely pose as a legitimate organization.
The MMAC said that to avoid phishing expeditions, do not click on suspicious links or download attachments from unknown senders. It's important to verify the sender’s email address and domain carefully. Official MMAC communications will come from a @dss.mo.gov domain, according to the news release.
Urgent or threatening language that makes you panic or says you must take immediate action is another sign of a fraudulent email. Misspellings, poor grammatical structure, and incorrect or unfamiliar acronyms are also common indicators of phishing attempts, according to the news release.
In general, MMAC will never initiate electronic fund transfer changes via email, provide account numbers, routing numbers or other sensitive banking information in an email, according to the news release.
As part of the verification process, MMAC will ask providers to disclose old or closed account information. MMAC allows for partial account and routing number disclosures such as XXXXX789, according to the release. You should always verify EFT change requests through a known MMAC contact or phone number, the release said.
MMAC said in the release that if you receive a suspicious email, you should not respond.
