How Attackers Use Fake Benefit Notices and COBRA Scams

Posted by BAS - 14 May, 2026


Cybercriminals continue to target employees and former employees using fake benefits communications designed to steal personal information, banking details, and insurance-related data. HR and benefits teams should be aware that attackers increasingly imitate COBRA notices, open enrollment materials, carrier communications, and benefits invoices in an effort to appear legitimate.

These scams are effective because benefits communications often involve sensitive personal information, enrollment deadlines, payment obligations, and unfamiliar third-party administrators or insurance vendors. Employees who are stressed about losing coverage or making enrollment decisions may be more likely to respond quickly without carefully reviewing the communication.

One common tactic involves fake COBRA notices. An employee who recently terminated employment may receive an email, text message, or mailed notice claiming immediate action is required to continue health coverage. The communication may direct the individual to:

  • Click a fraudulent enrollment link
  • Provide Social Security numbers or dependent information
  • Submit payment to a fraudulent account
  • Enter banking or credit card information on a fake website

Attackers may also impersonate insurance carriers, benefits administrators, or employer HR departments by using logos, copied language, and email addresses that closely resemble legitimate organizations.

Another growing risk involves fake open enrollment notices or “benefits verification” requests sent to active employees. These messages often create urgency by warning employees that coverage may be canceled unless information is updated immediately. In some cases, attackers use phishing websites that closely imitate legitimate benefits portals.

HR teams can help reduce these risks by educating employees on how official benefits communications are handled within the organization. Employees should understand:

  • Which vendors and administrators the organization uses
  • How COBRA notices are normally delivered
  • Which websites and email domains are legitimate
  • That HR will never request passwords by email
  • How to report suspicious communications

Organizations should also encourage employees to independently verify any unexpected benefits notice before responding, especially if the communication involves payment requests, login credentials, or requests for sensitive information.

Additional best practices include:

  • Using secure employee communication channels
  • Monitoring for spoofed company email domains
  • Implementing multi-factor authentication (MFA) on benefits platforms
  • Reviewing vendor security practices
  • Training employees to identify phishing and social engineering attempts
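One way to act on the "monitoring for spoofed company email domains" item is to compare each sender domain against the list of domains employees were told to expect. The sketch below is an added example, not BAS or MyEnroll360 code; the allowlisted domains, the sample headers, and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist: the sender domains employees were told to expect.
LEGIT_DOMAINS = ("example-employer.com", "example-benefits-admin.com")

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(domain):
    """Lowercase the domain and decode punycode (xn--) labels to Unicode."""
    labels = []
    for label in domain.strip().lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed punycode: compare the raw label instead
        labels.append(label)
    return ".".join(labels)

def classify(domain, max_distance=2):
    """Return (verdict, legitimate domain it matches or imitates)."""
    d = normalize(domain)
    for legit in LEGIT_DOMAINS:
        if d == legit or d.endswith("." + legit):
            return ("legitimate", legit)
    for legit in LEGIT_DOMAINS:
        if legit in d:  # legitimate name embedded in some other domain
            return ("embeds-legitimate-name", legit)
        if edit_distance(d, legit) <= max_distance:
            return ("lookalike", legit)
    return ("unknown", None)

def check_from_header(from_header):
    """Classify the real sender domain, ignoring the spoofable display name."""
    address = parseaddr(from_header)[1]
    return classify(address.rpartition("@")[2])

if __name__ == "__main__":
    for header in ('"Example Employer HR" <benefits@examp1e-employer.com>',
                   "cobra@example-employer.com.enroll-now.example.net",
                   "hr@example-employer.com"):
        print(header, "->", check_from_header(header))
```

A "legitimate" verdict only means the domain is on the allowlist; it is meaningful only when the message also passes DMARC, since this check targets lookalike registrations rather than exact-domain spoofing.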

Former employees may be particularly vulnerable because they are often expecting COBRA or benefits-related communications after termination. HR departments should consider reminding departing employees about how official notices will be delivered and who to contact with questions.

For organizations working with third-party administrators and benefits vendors, coordination on communication practices and security expectations is also important. Clear branding, accurate contact information, and employee education can help reduce confusion and minimize the likelihood of successful scams.

As benefits-related phishing attacks continue to evolve, HR departments play an important role in helping employees recognize fraudulent communications before sensitive information or payments are compromised.


Benefit Allocation Systems (BAS) provides best-in-class, online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.

MyEnroll360 can integrate with any insurance carrier for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and many others), and with any payroll system for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and many others).

This article is for informational purposes only and is not intended as legal, tax, or benefits advice. Readers should not rely on this information for taking (or not taking) any action relating to employment, compliance, or benefits. Always consult with a qualified professional before making decisions based on this content.

Topics: COBRA, MyEnroll360 Security, COBRA Administration, Technology News, Cybersecurity

