When the long-awaited federal and state health insurance exchange websites launched Oct. 1, industry experts everywhere predicted an array of problems — slow load times, inconvenient registration requirements and even site crashes — many of which came true. Now that the dust from the initial pandemonium has settled, it’s clear there’s one big issue with the exchange sites few experts were able to predict: fraud.
So far, most of the fraud has been of the information-gathering variety; consumers are directed to websites almost identical to the federal or state exchange sites and instructed to enter basic information for registration. Some sites even ask consumers to enter financial information, such as credit card or bank account numbers, but according to experts, scammers will take whatever information they can get.
“Scammers go after whatever personal data they can get, including Social Security numbers, credit card numbers, and, in some cases, even security questions and answers,” explains Greg Mancusi-Ungaro, chief marketing officer at BrandProtect, an organization that provides corporations with tools to monitor online activities that misuse or misappropriate corporate brands.
“People tend to choose the same security questions, and the clever scammer will ask those questions and then use that information,” he says.
“They really want to capture any personal data that will either allow them to directly access your bank accounts, or they are after any information that will allow them access to your email account,” adds Dylan Sachs, director of identity theft at BrandProtect.
“If you think about it, if a scammer has access to your email, they’ll now have access to all of your social media profiles, banking information, utilities information, and medical information. Everything you do requires some kind of email address. If the criminal can capture your email, they can dig through your archives to find your bank account or even your Facebook username or password.”
“They can reset your passwords to whatever they like, so then they have access to your entire friends network,” Sachs says. “It’s not just the financial information; they want identity information, too.”
With that information, Mancusi-Ungaro explains, scammers can control your online identity and personalities.
“Once they have that, there’s almost no limit to what they can do,” he says.
As soon as the exchange sites launched, right alongside them were fake websites that show up high in Google search rankings and look official, so many consumers — especially older, less savvy seekers of health insurance — wouldn’t know that they’re entering information on a fraudulent website. But Google isn’t the only way that scammers have enticed consumers, notes Mancusi-Ungaro.
“It’s fairly easy for a scammer to inundate email accounts with messages that say ‘Only five days left! Click here to go directly to the connector,’ or, ‘The exchange site is now up and running successfully. Click here to bypass the main login page and go directly to choose your plan.’ In a time-pressured world where everybody’s talking about how the exchanges aren’t working, that’s a motivated message, and if it drives consumers to a site that looks appropriate, and they are seeing health plans, suddenly the dupe is done.”
Sachs adds that because scammers tend to keep up with current events and the news, their strategies often take advantage of consumer confusion.
“They leverage what makes the news, what the current events are, to prey on people’s vulnerabilities — and their fears and generosities, as well,” he says. “Whenever a natural disaster happens that affects hundreds of thousands of people, all of a sudden, you see these scam charities or fake Red Cross sites appear, but the contributions are really just going to some bad guy.”
And the Patient Protection and Affordable Care Act is a prime target because, as Mancusi-Ungaro notes, “the rollout in America is basically an online event. Just like Cyber Monday is an online event. Scammers anticipate when these online events will occur — and when people are motivated to go online and complete a transaction, the scammers go crazy.”
From a corporate perspective, companies whose brands are being appropriated for scam purposes should be aware of where and how their brands are being used — because if a well-known corporate brand is being used to perpetuate a scam, consumers are likely to blame the appropriated brand.
“It’s incumbent upon large companies with valuable brands to take action to find and mitigate these online threats before they become serious business impediments,” Mancusi-Ungaro says.
Sachs adds that brokers can help consumers by passing along information to help identify a scam.
“When you receive an email that expresses some type of urgency, anything that puts pressure on you, chances are its fake,” he says. “Always be suspicious if you are being pressured to do something. When in doubt, pick up the phone.”