• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   The Coming Risk of Scam “Obamacare” Sites

The Coming Risk of Scam “Obamacare” Sites

  • Posted on:September 26, 2013
  • Posted in:Industry News, Security
  • Posted by:Christopher Budd (Global Threat Communications)
2

In the United States on October 1, 2013 a major provision of the Affordable Care Act (also popularly known as “Obamacare”) goes into effect. The Health Insurance Exchange will go live. These sites are where people will be able to sign up for health care coverage themselves rather than through their employer. One way people will be able to sign up for coverage after October 1 is online. But because of the way this online registration will work and the type of information people will have to enter to get health care coverage, there’s a real risk of a perfect storm that can make this process a bonanza for identity thieves and cybercriminals. This could be the most significant new area for phishing and identity theft in the next year in the United States. It also can give established healthcare scammers a new field to look for victims.

The root problem is that the Health Insurance Exchange isn’t made up of a single, authoritative site where people can go and register for coverage. In addition to the Federal site, people can apply for coverage at sites run by individual states. Then, within each state, there can also be legitimate third-party sites that provide assistance and even broker coverage.

When a person starts looking through sites to find one, at this time, they’re faced with the challenge that there’s no official marking or labeling that they can look at on a site to know that it’s an officially sanctioned site. A survey of state and third-party sites also shows that official sites aren’t required to provide the ability to verify the site using SSL: many of them don’t provide it for site verification at all, though the Federal site does. As people look for health care exchanges, they’re going to be faced with potentially hundreds or thousands of sites that claim to be legitimate but won’t be able to easily verify that claim.

The next problem is that when applying for health care coverage, you have to provide all of your most sensitive personal information not only for yourself but your entire family. Most of us won’t give our social security numbers out willingly. But when it comes to health care, the industry uses that information so regularly that we’ve come to accept handing that information over as a matter of course (even if we don’t like it).

Put these two things together and you’ve got a situation where people are primed to give away their most critical personal information to legitimate sites but can’t be sure of finding their way to those legitimate sites.

This is a perfect environment for identity thieves and other criminals to put together bogus sites to get personal information they can use or sell on the digital underground. And this situation also provides an opportunity for old fashioned healthcare scammers to offer bogus coverage and fraudulent billing scams to more unsuspecting people.

There are ways to try and protect yourself from people trying to take advantage of this situation. First, absolutely do not use a search engine as your starting point when looking for coverage. Instead, you should start your search at a known, trusted source: the Federal Government’s or your state government’s sites.  Use these sites to identify the resources they’ve identified as trustworthy. With that information you can then get more information by going to the sites they recommend (by typing the URL in yourself), calling the numbers listed or even visiting in person. If you do choose to register online, web reputation services that can be found in products like our Titanium can provide an extra degree of protection from known scam sites.

The Health Insurance Exchange is a huge change for the United States.And in the midst of change there’s always confusion. Confusion creates the sort of opportunities that criminals capitalize on. Hopefully in time, this process will become more mature and have better controls to prevent bogus, scam sites. But until then, you have to take time to be extra careful because this will be a great way for criminals to easily get critical personal information they can use maliciously.

 

Updated to correct Healthcare Exchange terminology based on reader feedback.

Related posts:

  1. Affordable Care Act-related sites need an online seal program
  2. Why Digital Certificates are Important for Health Care Sites and How to Use Them
  3. Assessing the security red flags on healthcare.gov
  4. Ask Vic – Is the Credit Karma service legitimate or a scam?

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.