Scams sprout with rollout of Obamacare

Amber Hunt | The Cincinnati Enquirer

CINCINNATI -- Ohio resident James Dick already had deleted an inbox's worth of bogus e-mails about the Affordable Care Act when his telephone rang.

On the other end: a convincing-sounding man claiming to be from the national Medicare office. He told Dick that he was ready to send him a new Medicare card but first needed to verify the 69-year-old's identity -- by asking for his bank account number.

"I said, 'No, I don't think so,' " Dick told The Cincinnati Enquirer. The man insisted that he couldn't verify Dick's identity without the number and kept pressing for it until Dick hung up.

"It was a scam is what it was," Dick said. "I'm sure they've done it to other people. Most people don't realize what they're doing."

According to computer security experts and government officials, Dick is right. Since the launch of Obamacare, residents nationwide are finding themselves targets of ACA scams. It's making the already-troubled debut of a controversial law even more confusing.

"It's an opportunity for scammers, and scammers very rarely leave an opportunity unfulfilled," said Mark Rasch, a former computer crime and fraud prosecutor with the U.S. Department of Justice.

Schemes appear within days of enrollment opening

The scams come in many forms -- as e-mails, phone calls and imposter websites. Some rely on ignorance about what the health-care law actually covers, such as one touting that recipients could qualify for cheaper auto insurance. (Hint: The ACA does not affect car coverage.) Others are websites designed to look like the government-sanctioned Healthcare.gov.

Most are designed to steal from people, be it their money or their identities, Rasch said.

"They're very difficult to investigate as a scam, because it's not a scam. It's hundreds of scams by thousands of people," said Rasch, who runs Maryland-based Rasch Technology and Cyberlaw.

Ohio's Department of Insurance issued a warning with the state Attorney General's Office just days after ACA enrollment officially opened last month that the scam gates had opened. Ohio Attorney General Mike DeWine and Insurance Director and Lieutenant Gov. Mary Taylor warned that scammers were pretending to be associated with the government to make the ploys believable.

Department of Insurance spokesman Robert Denhard said Ohio is cataloging fraudulent ACA activity but he couldn't comment further because the information is confidential.

Christopher Budd, a threat communications manager with security software company Trend Micro, said the scams' proliferation is thanks largely to confusion. "If you're in Ohio, to get your health care, you go to healthcare.gov. If you're on the Kentucky side, you go to the Kentucky state exchange page, not the federal page.

"That's an example of the situation on the ground that creates confusion," said Budd, whose company's North American headquarters is in Irving, Texas. "And the key thing is: Confusion is the environment in which fraudsters and criminals thrive."

According to separate warnings issued by the Better Business Bureau and Federal Trade Commission, ACA scams are especially targeting the elderly, people with disabilities and owners of small businesses.

The Enquirer collected apparent scam e-mails and perused misleading websites for several weeks. Among the messages:

• One e-mail titled "It's better to be prepared with medical insurance" asked for personal information so the recipient can get "expert advice" on selecting a policy. The provided link connected with a third party unaffiliated with medical insurance.

• Some promise to send either Obamacare or new Medicare cards after you provide personal information. There's no such thing as "Obamacare cards," and you are not required to obtain a new Medicare card under the ACA.

• One declared that "President Barak (sic) Obama" has passed a new law that might qualify you for cheaper car insurance. A legitimate message probably wouldn't misspell the president's first name or hawk auto coverage as part of the ACA.

E-mails and phone calls were placed to give the e-mails' senders a chance to explain the inquiries. None returned messages.

In addition to bogus e-mails, numerous websites have been unveiled in recent weeks that appear designed to mirror the official Healthcare.gov site, but they have slightly different Web addresses. One touts an "Obamacare hotline," but a representative who answered said he worked for a private company that isn't affiliated with the official Healthcare Insurance Marketplace. He referred further questions to a superior who didn't return messages.

Not all sites fraudulent

Rasch said it's not unusual for scammers to latch onto a new program and look to exploit the ignorance surrounding it. Scams were rampant during the 2010 Census data-collection period, he said, as well as during Superstorm Sandy relief efforts. Some efforts are clunky and amateurish; others are polished and sophisticated, run by both domestic and international hacker groups with the know-how to create slick websites that easily pass for legitimate.

Some of the sites might not be fraudulent, but Budd said it's difficult to tease out which represent legitimate third-party entities and which are scams. He'd prefer a "verifiable seal program," through which legitimate sites get seals of approval that can be verified on an official government website.

"I have people send me links to websites and ask, 'Is this a legitimate site or not?' and in almost all of these cases, the only answer I can give is, 'I don't know,' " Budd said. "And I'm an information and security privacy professional with 15 years' experience. Not to be arrogant, but if I can't figure it out, how can Mom and Dad figure it out?"

Dick, a retired factory worker who lives with his 66-year-old wife, Lorene, was offended that someone assumed that, because he's older, he's also gullible. He knew that an official government representative wouldn't ask for his bank account number -- and he's well aware that the ACA doesn't require Medicare recipients to get new cards.

Dick said he knows plenty of people don't have computer access, though, and might be easier targets than he was. "You've got to research."

Don't become a fraud victim

Tips on protecting yourself from con artists:

• Never pay upfront fees. If someone asks for money to help you shop for insurance, it's a sure sign they're not legitimate. Real navigators provide information about the ACA for free.

• Hang up the phone. Don't press any buttons or return any voicemails, period.

• Never click any links provided in e-mails. Even if it appears to be a legitimate link from a trustworthy source, type in the URL yourself.

• Be suspicious of anyone claiming to represent the government. Government agencies typically communicate only by mail.

• Don't provide personal information such as your Social Security or bank account numbers. If you do give out such information, immediately inform your banks and credit card providers.

• Don't trust caller ID. Phone numbers and organization names can be faked.

• Go to www.healthcare.gov. It's the official shopping place for qualified health plans.

• Report scams or suspicious activity. You can file a complaint with the Federal Trade Commission at www.ftc.gov/complaint or call 1-877-FTC-HELP.

• If you think your identity's been stolen, visit www.ftc.gov/idtheft or call 1-877-ID-THEFT.

Sources: Better Business Bureau, Ohio and federal officials and Mark Rasch, former federal computer crime prosecutor.