Phishing scams continue to plague our email. They come in many forms typically with the goal to either get you to provide sensitive information or click something to send your computer to a malicious source (see more on exploit kits HERE).
A healthcare provider HealthEquity is also seeing their customers bombarded with phishing attacks and has issued a warning to their customers about phishing. I thought the warning was well done and something we could all learn from. Consider this a template you could modify for your organization to educate your users on Phishing attacks. Enjoy
We have identified an increase in phishing and related fraud attempts. Fraudsters are posing as HealthEquity in an attempt to steal member login credentials. As a best practice, we encourage you to frequently update your password. If you have received an “urgent” email that looks like it came from HealthEquity requesting you to verify information, please forward the email to [email protected] and follow the tips below to protect your account.
What is phishing?
Phishing is an attempt to obtain sensitive account information such as a username or password by posing as a legitimate company, mainly through email.
How to spot a phishing email
Here are some common giveaways:
- Subject line is “Urgent” or “Immediate Action”
- Sender name looks odd or unfamiliar
- Dear Customer… The greeting is not personalized with your name
- Please confirm your identity… Legitimate sites won’t ask to verify identity
- Misspellings and grammatical errors, including UK spellings
- Attachments: Unless you requested a document from HealthEquity to be sent via email
- Links that look modified or unusual (healthequ1ty.com or the link may not contain healthequity)
- Vague information
We will never ask you for your SSN, PIN, card number or any personal information via email, text, phone/recorded audio, or through social media, though we may ask for your SSN and other personal information to verify your identity when you call.
Protect your information
Here are a few things that you can do to help reject “phish” bait:
- Log into your account: As soon as your account is open, log in and create a unique and secure password. Do not use the same password for multiple sites.
- Change your password frequently: We recommend changing passwords every 90 days.
- Don’t click on email links: Manually type in the website that you know is correct.
- Learn to identify suspicious details: Understand what to look for to uncover an email scam. More details available on our home page.
- Look for secure site indicators: Authentic login sites have certificates of security indicated by a locked keypad icon by most browsers or an “s” added to the URL.
- Review transaction history frequently.
- Enable email notifications to alert you when information has changed on your account
- When in doubt, call HealthEquity 24/7 at 866.346.5800.
We also continue to evaluate and implement additional anti-spoofing measures to keep your account safe and secure.
Remember, you are the first line of defense as phishing attacks become more frequent. If you need help logging in or believe you may have provided your credentials to someone else, please contact us at 866.346.5800. We are available every hour of every day to assist you.
HealthEquity Member Services