The Department of Homeland Security has issued a warning that cybercriminals are using phishing e-mails that appear to come from Healthcare.gov ahead of the upcoming final deadline to apply for coverage under the Affordable Care Act.
Homeland Securitys U.S. Computer Emergency Readiness Team (US-CERT) issued the alert and says the e-mails sent to consumers reference the Affordable Care Act in the subject line and claim to direct users to health coverage information. Instead, these e-mails direct users to sites that elicit private information or install malicious code.
Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers personal identify data and financial account credentials, according to Anti-Phishing Working Group, Inc., a worldwide coalition for the global response to cybercrime. In the first half of 2014, the group reported 123,741 attacks worldwide, more than the 115,565 reported in the second-half of 2013. No numbers have been kept or disclosed for attacks specific to Healthcare.gov.
Homeland Security says users can protect themselves by:
- Not following links or download attachments in unsolicited email messages; and
- maintaining up-to-date antivirus software.
If affected by the campaign, users are encouraged by DHS to report the incident to appropriate parties within their organization and
This problem also affected Healthcare.gov during the first open enrollment. TrendMicro reported at that time that before open enrollment even began in 2013, criminals were spewing ACA-related spam as early as first weeks of September.