Analysis and Proposed Resolutions of the

Anthem Data Breach

Brody Bond Nicole Worth Tyler Yates
North Carolina State University North Carolina State University North Carolina State University
Raleigh, North Carolina, USA Raleigh, North Carolina, USA Raleigh, North Carolina, USA
[email protected] [email protected] [email protected]

ABSTRACT
In February 2015, Anthem announced that their sys-
tems, including their data warehouse, had been compro-
mised, resulting in the leak of up to 80 million people’s
information. Given the scope of the breach, there are
quite a few news and governmental reports covering
the subject, yet there is a significant lack of analysis
and proposed preventions in direct response. Here we
examine the facts surrounding the breach, evaluate the
methods which the attackers used to conduct the breach,
and propose means to minimize the success of future
attacks.
CCS CONCEPTS
• Security and privacy → Database and storage secu-
rity; Database activity monitoring.
KEYWORDS
Anthem, database, breach, phishing, social engineering,
link-scanning, data security
Authors’ addresses: Brody Bond, North Carolina State University,
Raleigh, North Carolina, USA,
ACM Reference Format:
Brody Bond, Nicole Worth, and Tyler Yates. 2018. Analysis
and Proposed Resolutions of the Anthem Data Breach. J.
ACM 37, 4, Article 111 (August 2018), 8 pages. https://doi.
org/XXXXXXX.XXXXXXX
1 INTRODUCTION
In 2015, Anthem Inc., an insurance provider serving
businesses in eighteen states, announced that hackers
had breached their systems, notably their data ware-
house, and stolen the personal information of up to 80
million people. At the time, the attack was the largest
perpetrated on the healthcare industry [16]. This pa-
per studies information about the attackers, the attack-
ers’ methods, the failures of Anthem, and Anthem’s
response to the attacks in order to
• understand security breaches
• learn how bad actors operate
• inform companies how to protect company and
user data
• combat attackers’ methods, notably social engi-
neering ones
Additionally, future work is proposed in order to com-

[email protected]; Nicole Worth, bat the issues that caused the Anthem data breach and
North Carolina State University, Raleigh, North Carolina, USA, to propose new solutions to increase the effectiveness
[email protected]; Tyler Yates, North Carolina State University, of phishing attack mitigation strategies.
Raleigh, North Carolina, USA, [email protected].
2 BACKGROUND
Permission to make digital or hard copies of all or part of this
According to the California Department of Insurance’s
work for personal or classroom use is granted without fee provided
that copies are not made or distributed for profit or commercial examination team, the data breach started when an
advantage and that copies bear this notice and the full citation employee of an Anthem subsidiary company opened a
on the first page. Copyrights for components of this work owned phishing email. Using this computer as a starting point,
by others than ACM must be honored. Abstracting with credit is the attackers were able to gain access to an increasing
permitted. To copy otherwise, or republish, to post on servers or to number of systems throughout Anthem’s and their sub-
redistribute to lists, requires prior specific permission and/or a fee.
Request permissions from [email protected]

.
sidiaries’ network [9]. Over eleven months after the
© 2018 Association for Computing Machinery. initial system compromise, the breach was detected by
0004-5411/2018/8-ART111 $15.00 an employee who noted his credentials had been used
https://doi.org/XXXXXXX.XXXXXXX to make requests which he hadn’t made to an Anthem
 Figure 1: Condensed timeline of the Anthem data breach.
database [13, 14]. On February 4, 2014, Anthem dis-
closed the data breach to the public, stating that up
to 80 million members had their personal information
stolen. This information included
• names
• social security numbers
• dates of birth
• email addresses
• billing addresses
Notably, billing information was not compromised [13,
16].
2.1 Attackers
According to a statement released by the U.S. Depart-
ment of Justice ’s Office of Public Affairs and a related,
unsealed indictment, the attack on Anthem was carried
out by two Chinese hackers, Fujie Wang and John Doe,
the latter a man with many aliases whose name is not ul-
timately known. The Department of Justice also stated
that the two attackers were members of an "extremely
sophisticated hacking group..." . Beyond this however,
more information about the individuals is unknown,
including the name of the hacking group [6]. In May
2019, Wang and Doe were charged with one count of
conspiracy to commit fraud, one count of conspiracy
to commit wire fraud, and two counts of intentional
damage to a protected computer [19].
2.2 Attackers’ Actions
On February 18, 2014, the attackers sent spear phish-
ing emails to employees of multiple companies. On
that same day, an employee of an Anthem subsidiary
clicked a link contained in the spear phishing email
(i.e., a personalized phishing email designed to mimic
an authentic one), causing a malicious program to be in-
stalled on their computer. This program created a back
door for the attackers to use, permitting them remote
access to the employee’s computer.
"After Defendants [attackers] had obtained the ability
to remotely access a computer system on a Victim’s
[Anthem’s] network, they then sought to move laterally
across the Victim’s computer network and escalate their
privileges on the network (i.e., gain increasingly greater
ability to access information and make changes in the
Victim’s network environment). Defendants sometimes
patiently waited months before taking further action,
quietly maintaining access to the Victim’s network".
Between May and November 2014, the attackers in-
stalled and utilized back doors and credential harvest-
ing tools on Anthem’s systems. The attackers also used
this time to survey Anthem’s systems and establish
servers for storing collected information. Between De-
cember 2014 and January 2015, the attackers queried
information from Anthem’s data warehouse, encrypted
the data, transferred it to servers they owned, and even-
tually transferred the data to computers in China. On
January 31, two days after the attackers were discov-
ered, their connections to Anthem’s systems were shut
down [6]. In total, up to 80 million people had their
information stolen from Anthem, at least 90 distinct
systems in Anthem’s overarching system were compro-
mised, and at least 50 accounts of Anthem or Anthem
subsidiary employees were compromised [9].
2.3 Anthem’s Actions
The attackers’ actions remained unnoticed until Jan-
uary 29, 2015 when an Anthem employee, a database
admin, spotted his credentials had been used for data
queries that he hadn’t made [13]. The FBI was immedi-
ately notified, and all access to Anthem’s databases was
terminated. Per standard procedure, all employees reset
their passwords in the event their accounts had been
compromised. There is a small amount of discrepancy
in between sources, but at most two days later the at-
tackers were completely shut out of Anthem’s systems.
In addition to a public disclosure on February 4, 2015
[16], Anthem also sent emails to all impacted customers.
Since personally identifiable information was included
in the data stolen, Anthem provided multiple services
including credit monitoring, credit repair, child identity
protection, and identity theft insurance, free of charge
to all customers [13]. In 2017, as the result of over 100
lawsuits by people affected by the data breach, Anthem
reached a settlement of $115 million [15].
2.4 Anthem’s Security Measures
Prior to the data breach, Anthem did not encrypt infor-
mation stored in its database, but did for information it
sent and received [20]. Per [12], encryption of informa-
tion stored in a database is not required if a company
can implement an equivalent level of security and pro-
vide the reasoning for their decision to not encrypt
their data. According to a spokesperson for Anthem,
"We use other measures, including elevated user cre-
dentials, to limit access to the data when it is residing
in a database" [20]. Thus, Anthem was in compliance
with HIPAA regulations. While an encrypted database
would have slowed the attackers by forcing them to
decrypt the data before reading it as cleartext, it would
not have prevented them from stealing the information.
According to the same spokesperson, not encrypting
data while it is in storage is common for the insurance
industry [20]. This is because encrypted data takes time,
which companies often feel they don’t have, to decrypt.
After the data breach, Anthem made three changes
to their security. The first change, a proactive secu-
rity improvement, was the addition of two-factor au-
thentication to validate the authenticity of employees
accessing Anthem’s system. While this would have
helped prevent the attackers from using credentials
they stole, it may not have stopped them from access-
ing Anthem’s systems via back doors they installed. The
second change, also proactive, was to strengthen their
privileged account management system to better con-
trol and watch users’ actions. This would have stopped
the data breach as the hackers would not have been
able to escalate their own permission levels and gain
access to more of Anthem’s systems. The third change,
a reactive security modification, was to improve log-
ging capabilities. Better logging capabilities would have
made it easier for employees to catch unauthorized ac-
tions in the system, leading to a quicker expulsion of
the attackers from it [9].
3 PHISHING
As mentioned in the background of this paper, the ini-
tial mode of attack was a form of phishing called spear
phishing. The act of phishing is a form of cyber attack
whereby attackers craft communications that appear
to be from a legitimate source with the intention of
gaining private data from or internal access to a tar-
get. These communications can range from generic to
highly researched, detailed approaches that fool even
cybersecurity experts. Spear phishing is a targeted form
of phishing attack, in which the target is a specific user
or group within a company.
3.1 Effectiveness
Part of what makes phishing attacks so dangerous and
effective is how they are designed. Attackers craft emails
and other messages that evoke strong emotions that
override a target’s logic, such as fear, curiosity, urgency,
or greed [2]. Some messages are designed to look like
official government missives asking recipients to verify
personal details, while others are composed like inter-
nal memos asking employees to download software or
perform other routine company operations [18]. These
messages contain corrupted links or attachments that,
when the user opens or uses them, allow the attacker
access to the computer and its data. In the case of An-
them’s data hack, the emails that were sent to employ-
ees contained a hyperlink that housed the malicious
program [19].
The more sophisticated cybercriminals employ social
engineering tactics; they research the company or indi-
vidual to see what real messages they send and receive,
purchases they make, websites they visit frequently,
etc, in order to make their attacks as realistic as pos-
sible. This is the case with spear phishing – instead
of sending a widespread, generic email to all company
employees attackers select a few individuals to research
specifically, increasing the likelihood that they can fool
that particular individual.
Another reason that phishing attacks are danger-
ous is their continually evolving nature. Attackers are
constantly refining their attacks based on which ap-
proaches are successful, and coming up with innova-
tive ways to trick recipients. It only takes one person
to fall prey to a particularly convincing message for a
company to be compromised.
4 DISCUSSION
Phishing attacks have been, and continue to be a danger
to individuals and companies in the online world. In
this particular case, even though Anthem was quick
in their handling of the breach once made aware of it,
provided services to protect users’ whose information
was stolen, and strengthened their existing security,
there are interesting areas to think about related to the
incident.
4.1 Data Security
Cases like this one where data security is impacted
raise some important questions about how data is pro-
tected, and the strongest ways to do so. In researching
the method of attack and how it was carried out in
this instance, it is clear that the vulnerability that was
exploited was not the system, but the users within it.
“Humans are the weakest link” remains an adage of the
cybersecurity world because no matter how secure your
system is, if your employees are not properly trained
or do not follow the policies within it, attackers can
still penetrate it [17]. The ideal secure system would
be one that essentially removes the human element,
a black box that requires no human interaction and
contains no interface for accessing its inner elements.
However, a system like this raises the question of how
much power and trust should be given to automation
to determine what qualifies as a phishing attack and
prevent it from occurring. A machine is not susceptible
to the same pathos as human users are, but may not
be able to recognize the context of a given message.
More on this subject can be found in the Future Work
– Machine Learning section of this paper.
Another question raised by considering the human
factor of cybersecurity is how the prevention software
works in tandem with the human element. Cybersecu-
rity teams want to implement the most effective protec-
tion for the system, but if that protection is too imposing
or disruptive to the system’s users is it really effective?
The more complex or unwieldy a system is, the more
likely a user is to try and find a way to make it easier
for themselves, thus circumventing the exact measures
put in place to protect it. A simple example of this is in
passwords – many places want users to use complex,
multi-character passwords but if the password isn’t one
that a user will readily remember, the odds are strong
that the user will write it down and keep it in their desk.
All a malicious entity has to do then is find the written
down password to access the system. It is important for
data security that any implementation walks the line
between being secure and user-friendly.
4.2 Data Loss Effects
The loss of data in this attack on Anthem was stagger-
ing; the personal information of 80 million people is
a huge data mine. Once an individual’s data is stolen,
they can face the effects of the loss for years. With the
kind of personal information that was taken, criminals
can impersonate the victims to commit different kinds
of fraud, or execute individual phishing attacks to steal
account information for their jobs, banks or other sites
[4]. It is also possible that they would sell the informa-
tion on the dark web at any point, making it harder for
victims to recover and for investigators to prosecute.
There are also other effects on the individuals including
emotional damage, loss of social life, and even physical
symptoms. Emotionally, identity theft is quite literally
the loss of identity, which can lead to feeling helpless,
angry, stressed, or afraid [8]. Affected individuals may
suffer a loss in their social life from these feelings, and
from any damage the attackers cause to their social
media accounts. In extreme situations, physical symp-
toms like pain, loss of sleep, etc. can occur [7]. All of
these effects show just how important it is that compa-
nies secure their data, and individuals pay attention to
any strange communications they receive, to prevent
phishing attacks from being successful.
4.3 Follow-Up Attacks
In looking into the aftermath of the Anthem hack, a
worrying side effect of informing the public of the
attack was the occurrence of secondary phishing at-
tacks on individuals whose data was stolen. These in-
dividuals, both past and present Anthem customers
at the time, were sent scam emails in the weeks after
the initial attack occurred. These emails supposedly
were from Anthem and contained a link to a credit-
monitoring service [11]. While Anthem was providing
credit-monitoring services to affected customers, they
were doing so through the postal service [4]. Thus these
emails were not from the company, but from cyber crim-
inals looking to take advantage of scared victims. An
attack veiled under the guise of providing assistance is
particularly dangerous because people are more likely
to be susceptible when they ordinarily would not click
a suspicious email. This is something that in the fu-
ture affected individuals should be wary of, and both
the affected companies and law enforcement should be
very clear on how information on the attack will be
dispersed. In doing so, it makes it harder for criminals
to abuse the flow of information to re-victimize anyone
involved.
4.4 Foreign Entities
Another aspect of this case that should be discussed
is the foreign entities involved. The insurance com-
missioners and investigation teams that examined the
attack determined that it was within reason that the
attackers were working under the direction of a foreign
government [9]. While many sources were reluctant
to outright place blame, China appears as the culprit
in most eyes. This would be a reasonable conclusion,
considering that “China has a vibrant biotechnology [in-
dustry] where healthcare information could be compet-
itively relevant to them” [9] and there have been other
instances where the country has had state-sponsored
hacking [10]. The thought of a foreign government col-
lecting data on US citizens is not comforting. Blackmail
and surveillance are two of many harmful purposes that
the collected personal information could be used for,
and with the amount of people whose data was stolen it
is a sobering situation. The Anthem data hack is an ex-
ample of how, as the world progresses further into the
digital age, information security must be a priority for
governments to protect their citizens from malicious
entities.
5 FUTURE WORK
The challenges with combating phishing attacks can
be broken down into two categories: the challenge
associated with preventing phishing attacks and the
challenge of detecting successful phishing attacks. An-
them’s changes to their security measures following
the attack focused on both proactive and reactive secu-
rity measures, ensuring future attacks would be more
difficult and, if they were successful, more easily de-
tected. However, as the technological landscape is al-
ways changing, so to are the threats professionals must
prepare for. The following addresses the prevention
of phishing attacks through education, the limitations
associated with combating phishing, proposals on how
to deal with these challenges in future work, and also
discuss newer mitigation techniques.
5.1 Limitations of Prevention:
Phishing Education
Phishing education entails educating employees on how
to spot and avoid phishing attacks. There were a re-
ported 400,000 phishing sites detected per month in
2016 [1]. The likelihood of every person that received
one of these 400,000 links having the proper knowledge
of phishing attacks is low. Companies educating em-
ployees on how to spot phishing attacks and not to click
links from unknown sources seems like a good way to
prevent phishing attacks, but has been proven unsuc-
cessful. Attackers often have the time and resources to
make their links look very convincing and legitimate.
Per [1], there are three main reasons phishing education
is unreliable on its own: distraction, spear phishing, and
curiosity. When completing their daily tasks, people be-
come easily distracted, with a mindset of going through
the motions in order to complete their work, employees
are more likely to not be paying enough attention and
click a malicious link. Spear phishing is a type of phish-
ing where the attacker makes the email appear to be
coming from an internal source, a company executive
for example. Spear phishing has become so realistic that
many employees, even those who have gone through
phishing education, can be easily tricked into supplying
sensitive information to attackers. A study conducted
by FAU concluded that 56% of recipients clicked a link
claiming to contain images from a party. A follow-up
questionnaire determined that the link was clicked due
to curiosity of seeing the images or determining the
identity of the sender, even though 78% also reported
knowing the risks of unknown-links [3]. While phish-
ing education should be a part of phishing mitigation,
these factors and studies prove that it is not effective
enough to rely on.
5.2 Limitations of Prevention:
Link-Scanning
Link-scanning is the process of software examining
link’s for malicious content and notifying users of pos-
sible malicious intent. Link-scanning does not prevent
users from clicking the link out of curiosity, although
some email servers may prevent emails with possible
malicious links from being received by the recipient.
The main limitation with link scanning is that it re-
lies on the link having an established reputation as
malicious. A link gains negative reputation by being
reported to specific websites which maintain databases
of malicious or suspicious links. [5]. ’Zero-day URLs’
refers to a link that has recently been created. There-
fore, zero-day links will not be flagged as malicious
by link-scanning software because the link has not yet
been marked malicious and included in these databases.
For this reason, link-scanning to prevent phishing at-
tacks can be problematic. In an analysis of Google Safe
Browsing, "the gold standard database for malicious
links", only 14% of emails containing malicious links
were blocked; the other 86% contained zero-day links
[5]. Link-scanning is a successful mitigation technique
when links have been established as malicious, however
zero-day links prove that link-scanning is not a fool
proof method for preventing phishing attacks.
5.3 Machine Learning
Machine learning to detect malicious links is a new con-
cept in phishing mitigation. Preliminary experiments
show that machine learning can be a valuable tool in
preventing phishing attacks. Some machine learning
models have shown 96% accuracy in detecting malicious
links. However, many of these models are unready for
implementation due to network delays caused by fea-
ture extraction [21]. Machine learning has potential to
be a successful mitigation strategy for phishing attacks,
but more development needs to be done before it can
be put to use.
5.4 Proposed Work
The above highlights key issues with phishing pre-
vention techniques. Evidence suggests that more work
needs to be done in order to reliably combat phishing
attacks. Machine learning has proven to be a poten-
tial mitigation strategy, but more work needs to be
conducted in order to find better feature extraction
techniques. While improvements in link-scanning have
been made by examining domain traffic and recording
new domains, there is a lot left to be done, especially in
relation to zero-day phishing attacks. We recommend
future work be done in order to detect spear phishing
specifically, since it is currently the most sophisticated
and hard to detect phishing strategy. Phishing educa-
tion should remain a mitigation strategy, however the
education needs to be more robust and convey the dam-
age that phishing attacks can cause to ensure people
act on their education.
6 CONCLUSION
Through an analysis of the Anthem security breach, we
can better better understand attacks carried out through
phishing, how bad actors operate, and discuss ways to
combat these offenses. Phishing attacks occur when
a malicious link is opened, allowing the attackers to
infiltrate the victim’s network. This allows attackers
to obtain more secure data which, in the case of An-
them, included personally identifiable information. Our
analysis focused on ways to prevent such attacks from
occurring, namely phishing education, link-scanning,
and machine learning. In addition, we analyzed road-
blocks to future work in these fields. As "humans are
the weakest link", and until improvements can be made
to anti-phishing software, human education is the best
means to ensure system security.
REFERENCES settlement/anthem-to-pay-record-115-million-to-settle-u-s-
[1] Eyal Benishti. 2017. The Limitations Of Phishing Educa- lawsuits-over-data-breach-idUSKBN19E2ML
tion. DARKReading. https://www.darkreading.com/threat- [16] Adam Rubenfire. 2015. Hackers breach Anthem; 80M exposed.
intelligence/the-limitations-of-phishing-education Modern Healthcare. https://www.modernhealthcare.com/
[2] Cisco. 2022. What Is Phishing? Cisco. https: article/20150204/NEWS/302049928/hackers-breach-anthem-
//www.cisco.com/c/en/us/products/security/email- 80m-exposed
security/what-is-phishing.html#~how-phishing-works [17] SHRM. 2021. The Weakest Link in Cybersecurity.
[3] Friedrich-Alexander-Universität Erlangen-Nürnberg. SHRM. https://www.shrm.org/hr-today/news/all-things-
2016. The Limitations Of Phishing Education. work/pages/the-weakest-link-in-cybersecurity.aspx
Friedrich-Alexander-Universität Erlangen-Nürnberg. [18] Terranova. 2021. 19 Examples of Common Phishing Emails.
https://www.fau.eu/2016/08/25/news/research/one-in-two- Terranova. https://terranovasecurity.com/top-examples-of-
users-click-on-links-from-unknown-senders/ phishing-emails/
[4] Kelli B. Grant. 2015. Anthem victims’ first hack symptom: [19] Office of Public Affairs United States Department of Justice.
Phishing scams. CNBC. https://www.cnbc.com/2015/02/06/ 2019. Member of Sophisticated China-Based Hacking Group
anthem-victims-first-hack-symptom-phishing-scams.html Indicted for Series of Computer Intrusions, Including 2015
[5] Reece Guida. 2018. Why Does Link Scanning Miss so Many Data Breach of Health Insurer Anthem Inc. Affecting Over 78
Phishing Attacks? Avanan. https://www.avanan.com/blog/ Million People. https://www.justice.gov/opa/pr/member-
does-link-scanning-prevent-phishing sophisticated-china-based-hacking-group-indicted-series-
[6] UNITED STATES DISTRICT COURT SOUTHERN DIS- computer-intrusions-including
TRICT OF INDIANA. 2019. USA vs WANG et al. Case [20] Danny Yadron and Melinda Beck. 2015. Health Insurer
1:19-cr-00153-JRS-MJD. https://www.justice.gov/opa/press- Anthem Didn’t Encrypt Data in Theft. Wall Street Jour-
release/file/1161466/download nal. https://www.wsj.com/articles/investigators-eye-china-
[7] Alison Grace Johansen. 2021. 4 Lasting Effects of Identity in-anthem-hack-1423167560
Theft. LifeLock. https://www.lifelock.com/learn/identity- [21] Abdelhakim Hannousse & Salima Yahiouche. 2021 [Online].
theft-resources/lasting-effects-of-identity-theft doi: https://doi.org/10.1016/j.engappai.2021.104347. Towards
[8] Ben Luthi. 2019. What to Know About the Effects of Iden- benchmark datasets for machine learning based website phish-
tity Theft. Experian. https://www.experian.com/blogs/ask- ing detection: An experimental study. Engineering Applica-
experian/how-long-can-the-effects-of-identity-theft-last/ tions of Artificial Intelligence 104 (June 6 2021 [Online]. doi:
[9] Marianne Kolbasuk McGee. 2017. A New In-Depth https://doi.org/10.1016/j.engappai.2021.104347).
Analysis of Anthem Breach. Bank Info Security.
https://www.bankinfosecurity.com/new-in-depth-analysis- A INDIVIDUAL CONTRIBUTIONS
anthem-breach-a-9627#:~:text=The%20investigation%20by%
20the%20insurance,phishing%20email%20containing% A.1 Brody Bond
20malicious%20content
[10] Lily Hay Newman. 2019. Anthem Warns Cus- • .tex setup
tomers About ’Phishing’ Email Scam. Wired. • Introduction
https://www.wired.com/story/anthem-hack-indictment- • Abstract
china/#:~:text=The%20US%20government%20accused%2032, • Timeline Graphic
responsible%20for%20three%20other%20large • Background
[11] NBC News. 2015. Anthem Warns Customers About ’Phishing’
Email Scam. NBC News. https://www.nbcnews.com/business/
• Background - Attackers
consumer/anthem-warns-customers-about-phishing-email- • Background - Attackers’ Actions
scam-n301701 • Background - Anthem’s Actions
[12] U.S. Department of Health & Human Services. 2013. Is the • Background - Anthem’s Security Measures
use of encryption mandatory in the Security Rule? https: • Citations
//www.hhs.gov/hipaa/for-professionals/faq/2001/is-the-use-
• Editor: Future Work
of-encryption-mandatory-in-the-security-rule/index.html
[13] California Department of Insurance. 2015. Anthem Data • Editor: Future Work - Limitations of Prevention:
Breach. https://www.insurance.ca.gov/0400-news/0100-press- Link-Scanning
releases/anthemcyberattack.cfm • Editor: Future Work - Proposed Work
[14] Connecticut Office of the State Comptroller. 2015. Alert: An- • Editor: Conclusion
them Data Breach. https://www.osc.ct.gov/anthembreach.
html
[15] Brendan Pierson. 2017. Anthem to pay record $115 mil-
A.2 Nicole Worth
lion to settle U.S. lawsuits over data breach. Reuters. • Phishing
https://www.reuters.com/article/us-anthem-cyber- • Phishing - Effectiveness
• Discussion
• Discussion - Data Security
• Discussion - Data Loss Effects
• Discussion - Follow Up Attacks
• Discussion - Foreign Entities
• Editor: Future Work
• Editor: Limitations of Prevention: Phishing Edu-
cation
• Editor: Limitations of Prevention: Link-Scanning
• Editor: Proposed Work
A.3 Tyler Yates
• Future Work
• Limitations of Prevention: Phishing Education
• Limitations of Prevention: Link-Scanning
• Proposed Work
• Conclusion
• Editor: Introduction
• Editor: Background - Attackers
• Editor: Background - Attackers’ Actions
• Editor: Background - Anthem’s Actions
• Editor: Background - Anthem’s Security Measures