Caveat Emptor – Let the Buyer Beware of Health Care Phish

Posted by

Caveat emptor — “Let the buyer beware” is a good rule of thumb for people to keep in mind as they begin to sign up for health insurance under the new exchanges established in accordance with the Affordable Care Act. Law enforcement and security professionals are warning consumers to beware of phishing schemes associated with the new health care exchanges. Insurers and employers alike can assist in this effort by educating consumers and employees on this danger and provide practical suggestions for ensuring that they do not get caught up in the scam.

As with all phishing schemes, scammers are attempting to obtain personal information such as social security numbers, bank account information, and/or dates of birth by using official looking devices to deceive the consumer. These devices include phone calls and emails that appear to be from authentic sources such as employers, government agencies or insurance companies.

These schemes work something like this. A scammer will call or send an email that plays to the recipient’s greed or fears. For example, one email (which may come from the recipient’s employer or insurance company) may convey a “too good to be true” deal on insurance.

Alternatively, the message will say that unless the recipient provides certain personal information right away, something bad will happen such as the recipient may lose a government benefit or the insurance policy will not be activated. In either event, the recipient is requested to provide the information on the phone, reply to the email, or click on a link which opens to an official looking website. The hope is that the recipient will act without thinking too much about it.

A good rule of thumb is: verify, verify, verify.  Even if the call or email appears authentic, stop, do not respond, and think. If it is a phone call, get the caller’s name and return number and then hang up. Do not give out any information right then and there. Those who receive this information via email should not respond to the email or click any links (to avoid catching a virus).

If the call or email comes from an “employer”, call the HR department to confirm. Do not use the number provided by the caller or the email. Use the regular number. If the call or email is related to the healthcare exchanges, go to www.healthcare.gov. From there, one can access the state’s official exchange website with the official contact information for that agency. The official agency can then assist with verifying the veracity of the call or email. (The same rules hold true for any type of communication.)

While law enforcement and consumer protection groups are doing their best to protect consumers from these scams, the best protection is for consumers to adopt a healthy attitude of caveat emptor and verify, verify, verify.