Warning – Obamacare & Malicious Websites/ Emails


With the start of Obamacare (Affordable Care Act) Open Enrollment not only do you have another way to purchase health insurance, it also opened the door for savvy scammers to launch all new ways to get your personal information.

To start with only the main website healthcare.gov is required to have an SSL certificte, which is a digital certificate that allows secure connections from a web server to a browser over https protocol.  State sites aren’t required by the law to use an SSL and if you use the https:// instead of http:// you’ll be hit or miss with the different State sites.  And that says nothing for the third party broker sites involved.

So right from the start the whole mess is open to phishing.  Phishing is actively attempting to defraud an online account holder of financial or personal information by posing as a legitimate company.  How many phishing scams are out there right now posing as legitimate third party brokers or government sites is impossible to determine, but number is at least in the hundreds and likely the thousands.

Next you have the bombardment of emails telling you to enroll and calls from who knows where trying to get you to sign up in the new insurance marketplace.  Think of all the emails over the years that have pretended to be from your bank or credit cards, only to redirect you to a phishing site; this problem could be exponentially worse with the health insurance marketplace.

And what are these illegitimate websites, emails and callers after?  Just stop to consider what we are all so accustomed to providing every time we seek a medical service – name, address, phone, birth date, and social security number.  This is likely one of the most fertile grounds for identity theft we’ve ever seen.  We’re so accustomed to handing over that information for medical services I doubt anyone would even think twice about providing it to an insurance broker or government entity that looks legitimate.

So how do you protect yourself?  Make sure whenever you are transacting business online, that involves your personal or financial data, that you are only doing business with verifiable, reputable companies and that they are using https protocol to ensure a secure connection between your browser and their server.  If you can’t verify they are who they say they are, or they aren’t using secure protocol it’s better to walk away than find your identity has been compromised.


Leave a Reply

Your email address will not be published.

Back to top