Fraudsters are targeting HSAs and benefits accounts, and they’re especially active during the open enrollment period. These scams use urgency and confusion to gain access to your sensitive data.
Imagine you receive an email during open enrollment, encouraging you to update your benefits. Since it’s open enrollment and everyone is updating your benefits, you don’t think twice about opening it. You click the link and enter your login, only for a scammer to gain access to your account – which includes your HSA and personal information.
What Is Employee Benefits & HSA Fraud?
Benefits and HSA fraud targets your benefits at work like your Health Savings Account (HSA), payroll deductions, and benefits enrollment platforms. Scammers do this by using phishing tactics such as impersonating a benefits provider via phone or email.
Common Scam Tactics
- Phishing Emails & Fake Enrollment Links: You may receive an email asking you to update your benefits. These can come from a scammer spoofing the email of someone in HR or a benefits provider.
- >Impersonation: Instead of just sending a fake email, scammers may send calls or texts pretending to be HR or a benefits provider. These messages and calls may request your login or verification codes.
- >Account Takeover: Once scammers steal your login credentials, they may use this to change your direct deposit information, drain your HSA funds, or submit false claims.
- Fake Reimbursement or Claim Requests: Scammers may use your information to make fraudulent medical expense submissions, or request documentation to harvest your personal information.
Red Flags to Watch For
If you receive a message from someone encouraging you to update or change your benefits, look for these red flags before taking action.
Urgent Language: Does the message urge you to “Act now or lose coverage?” Scammers commonly use urgency to get you to respond quickly.
Unexpected Benefit Changes: If you receive an email claiming that you changed your benefits when you didn’t or a confirmation email you didn’t expect, be cautious.
Login Alerts: Password reset notifications you didn’t request and login alerts that you didn’t initiate may be signs a scammer is trying to access your account.
Messages Outside Company Channels: You may get a message from someone outside of your company claiming to be responsible for benefits, but it’s a scammer.
How to Protect Yourself
- Always access benefits portals through official company sites. Remember to bookmark them in your browser, so you don’t lose track.
- If you receive a benefits request, verify it directly with HR. Don’t reply to the original email, and don’t use the contact information it provides.
- Don’t click any links you receive via an unfamiliar email.
- Enable multi-factor authentication on all of your accounts.
- Regularly monitor your HSA, benefits and payroll activity.
- Use strong, unique passwords on all of your accounts.
What to Do If You’re Targeted or Compromised
- Contact HR or your benefits administrator immediately.
- Report the incident as fraud to your bank or HSA provider.
- Change your passwords and secure your accounts.
- Monitor your accounts for further suspicious activity.
Central Bank provides resources to help you stay protected against fraud. Always report fraud to your bank and the FTC.
