Friday, November 15, 2013

Caveat Emptor - Health care phishing schemes

Posted by Paul Babicki
Netiquette IQ

CMIT Solutions of Pennington

How to Identify and Avoid Health Insurance Enrollment-Related Phishing Scams

Submitted by Nick McGregor on Tuesday, October 29, 2013

The October 1st rollout of federal health insurance exchanges has suffered from numerous technological glitches. However, another negative outcome — phishing scams disguised as official-looking enrollment emails — isn’t the fault of the government or its IT contractors.

• Why phishing, and why now? Periods of confusion provide great opportunities for a scammer. The current upheaval in health insurance delivery, with the federal site, multiple state-run exchanges, Medicaid expansion, and legitimate third-party/broker options, is a great example. Consumers are “faced with the challenge that there’s no official marking or labeling that they can look at on a site to know that it’s officially sanctioned,” says Christopher Budd, threat communications manager for Trend Micro. “A survey of state and third-party sites also shows that [many] aren’t required to verify the site using SSL [secure socket layers].” As a consequence, consumers are “going to be faced with potentially hundreds or thousands of sites that claim to be legitimate but won’t be able to easily verify that claim.”

• What do these scams look like? Many suspicious emails will purport to be serious communications about health insurance enrollment. But rather than directing users to or an official state site, links point to bogus websites designed to glean personal information. In certain instances, simply opening an email or clicking on a link will immediately load malware on a user’s computer.

• How can these phishing scams be prevented? The first step is obvious: avoid opening any email that comes from an unrecognized sender, especially if it contains attachments or links that look suspicious. URLs like,, and are NOT official sites. Meanwhile, Internet addresses that contain long strings of jumbled letters and numbers instead of words are also indications of scams. Avoiding search engine queries to find health insurance exchanges is another way to steer clear of fake sites.

• What can small businesses do to protect themselves and their employees? Company-wide Internet filtering can prevent workers from accessing some unauthorized websites. Employers should also take extra precautions to alert their employees when and from whom any insurance or enrollment-related communications will arrive. Notifying IT support staff, whether internal or external, when obvious phishing attempts do arrive can also cut down on the future threat of fraud or infection.
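The indicators in the list above (a link that does not lead to an announced site, a site not served over SSL, and addresses made of jumbled letters and numbers) can be checked mechanically by a mail or web filter. The Python code below is an added example, not part of the original article; the allowlisted hosts, function names and sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: hosts the employer or insurer has announced in advance.
# These "example" names are constructed placeholders, not real exchanges.
ANNOUNCED_HOSTS = {"exchange.example.gov", "benefits.example.com"}


def looks_jumbled(token):
    """True for long tokens that keep switching between letters and digits.

    A word followed by a number ("healthinsurance2013") switches once;
    a machine-generated string switches many times. Purely alphabetic
    random strings are not caught by this heuristic.
    """
    if len(token) < 12:
        return False
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(token, token[1:]))
    return switches >= 4


def triage_url(url):
    """Return the reasons a link in an enrollment email deserves suspicion."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    # Exact match only: a lookalike that merely contains an announced
    # name as a prefix or subdomain label must not pass.
    if host not in ANNOUNCED_HOSTS:
        reasons.append("host-not-announced")
    tokens = host.split(".") + [seg for seg in parts.path.split("/") if seg]
    if any(looks_jumbled(t) for t in tokens):
        reasons.append("jumbled-string")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in (
        "https://exchange.example.gov/enroll",
        "http://health-enroll.example.net/x7k2q9vb41mzt8rw3p",
        "https://exchange.example.gov.login.example.net/",
    ):
        print(link, "->", triage_url(link) or "no indicators")
```

An empty result means only that none of these three indicators fired, so the announced-host list remains the primary control.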

Anyone with questions about the health care exchanges is encouraged to call the federal hotline at 1-800-318-2596 (small businesses can call 1-800-706-7893). Although is still experiencing some technical glitches, recent news reports state that call center wait times are currently quite short.

