Someone emailed my boss a while back pretending to be me. Asked that my direct deposit be changed. Boss told me he nearly sent it to the accountant but decided he should double check with me first. People are assholes.

Sounds like your insurance company has a data leak problem

One of the best anti-scam advice I was ever given was to always call the number I knew was valid like the one on my insurance card in this instance and verify that way.

Don't feel bad about it.

About three years ago I got a call from my credit card company asking me if I had booked a first class flight from New York to Milan for $2,000 and reserved a five star hotel in Italy for $1,000 a night, plus a few other hundred dollar charges of other things.

I have travelled overseas before but I'm a budget traveller and I wouldn't spend money like that ... plus my travelling days were basically over anyway ... plus I don't live, work or go near New York city, I'm in northern Ontario, Canada!

I cancelled the card immediately and started looking back on what I had done that led to this. The only thing I could point to was that about a month or two before, I had been playing around with a bunch of phone apps and a few Chinese face filter apps I had experimented with and had signed up to trial subscriptions without knowing it which gave my credit card information through Google Play. I'm very careful with my credit card and apply every security feature that is given but that one slip up gave me away. I now layer Google play purchases behind Pay Pal tagged to a limited Credit Card to just that account and with all security, two factor authentication I can apply on everything.

As security minded as all this can be, all security professionals agree that the weakest link to any secure system are the fallible humans (and I'm one of them) who operate this stuff.

Report this to the authorities. The pharmacy should also report it and do an investigation.

The FBI would be happy to look into this. Chances are you are not the only victim.

Scams are getting pretty wild out there, and pretty convoluted.

Thanks for the heads up for this type of scam, in particular.

Change Healthcare just announced data for 100 million people was stolen when they got breached back in Feb. They handle all kinds of pharmacy stuff so I imagine this will happen a lot here on out.

Scammers are crafty assholes.

Your health insurance information may have been leaked. There’s been a ton of data leaks as of recent and it’s not unlikely that a list of health insurance providers and their customers are on the dark web somewhere and this is where they got that information about you.

Worse about these data leaks is that a lot of the ones being announced happened months ago, so it’s likely we still have some leaks that haven’t yet made it to the news to let people know their information is out there.

Getting your health data from the pharmacy may have just been the next step in their plan of getting to you to trick you into giving up money, or somehow using your information to do something illegal.

Glad they helped you