US-CERT warns of a phishing effort purporting to be from the government that aims to steal Obamacare seekers' passwords.
The Department of Homeland Security has issued an alert about imitation Obamacare emails that purport to be from the government but actually steer recipients to password-stealing websites.
Uninsured Americans are up against a midnight deadline to register -- through a real government-run health care exchange -- for coverage starting Feb. 1. The final cutoff for open enrollment is Feb. 15. It’s anticipated citizens will flood HealthCare.gov and state exchanges over the next month.
While some critics view the Affordable Care Act as a scam in and of itself, the DHS U.S. Computer Emergency Readiness Team, or US-CERT, says the administration has nothing to do with this online campaign.
"US-CERT is aware of a phishing campaign purporting to come from a U.S. federal government agency," states a warning posted Thursday afternoon. "The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code."
Impostor websites that steal people's sensitive data work 14 percent of the time on average and are effective 45 percent of the time, in some cases, according to a November 2014 Google study.
Homeland Security recommends the following measures to guard against fake HealthCare.gov sites:
- Do not follow links or download attachments in unsolicited emails.
- Maintain up-to-date antivirus software.
- Refer to the Avoiding Social Engineering and Phishing Attacks Security Tip for additional information on social engineering attacks.