Web experts warn of scammers taking advantage of ObamaCare debacle

posted at 10:41 am on October 3, 2013 by Ed Morrissey

Yesterday, DNI James Clapper warned Congress about the “dreamland” created by the government shutdown for terrorists looking to exploit holes in American national security. The Senate was skeptical of those claims thanks to Clapper’s lack of credibility, but Congress should look more to the domestic-policy front for “dreamlands” created by federal dysfunction for fraudsters and scammers. Thanks to the disastrously incompetent rollout of ObamaCare exchanges, experts warn consumers that they are at high risk of phishing and other identity-theft attacks:

Amidst the fighting in Washington and the reports of Marketplace site outages, one issue surrounding the Affordable Care Act (aka Obamacare) hasn’t been addressed: scammers.

Security company Trend Micro reported that they’re already seeing spam targeted to words like “medicare,” “enrollment,” and “medical insurance.” These terms aren’t quite on-point just yet, but Trend Micro’s threat communications manager Christopher Budd told SecurityWatch that deep problems with the Marketplace websites could make things much worse.

Not to quibble, but the risk has been addressed a number of times — by ObamaCare opponents.  Advocates responded by promising that the exchanges would minimize that risk.  Instead, as PC Magazine reports this morning, those exchanges have multiplied the risks:

“Most states have their own official state sites, and then you can have third party broker sites,” explained Budd, touching on how the Insurance Marketplaces are organized. “The environment this creates right out of the gate is so confusing that it creates space for phishing.”

Budd says that without a clear means to verify if a site is official or not, people are at risk of finding themselves duped by convincing-looking fraudulent websites. We’ve already seen how spammers and scammers are very adept at tailoring their messages to match the zeitgeist. And because these websites deal with medical issues and insurance, people are already primed to hand over tons of personal information—like their Social Security numbers. Worse yet, some people will be signing up their whole families, potentially giving thieves access to a lot of personal information.

The main problem, says Budd, is that some of the state websites did not follow best practices for security—or even adequately brand themselves as part of the ACA. “To give credit, the Federal site is professional, well branded, and provides SSL,” said Budd, pointing out how HealthCare.gov automatically used SSL.

State-level Marketplaces weren’t so well put together. “There are some state sites that if you go in HTTPS, it gives you a 404 error,” said Budd. Other states had test certificates instead of legitimate ones, and one third-party website automatically rolled Budd back to HTTP when he tried to connect via HTTPS. 

SSL (Secure Sockets Layer) is perhaps the most basic Internet transaction security system available.  Since 1996, it has been the default for commercial websites expecting to handle sensitive customer information.  A commercial web site that didn’t include at least that much transactional security would get laughed off of the Internet, and would have since Bill Clinton was President. Test certificates are used in development phases, but would normally be discarded in favor of up-to-date security certificates long before a launch date, especially for systems that had a three-and-a-half-year development phase.
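
The three failures Budd describes (a 404 over HTTPS, a test certificate, and a redirect from HTTPS back to HTTP) can be checked for mechanically. The Python below is an added example, not part of this post or the PC Magazine report; the function names and the .example hostnames are constructed, and it assumes a test certificate is one the system trust store rejects.

```python
import http.client
import ssl
import sys
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

# Constructed observations (not real sites): (status, Location, cert error).
SAMPLES = {
    "state-a.example": (404, None, None),
    "state-b.example": (200, None, "self-signed certificate"),
    "broker.example": (302, "http://broker.example/enroll", None),
    "ok.example": (200, None, None),
}


def assess(status, location=None, cert_error=None):
    """Map one observed HTTPS response to a list of findings."""
    findings = []
    if cert_error:
        # Assumption: a test certificate is one the system trust store
        # rejects, so it shows up as a validation error.
        findings.append("untrusted-certificate: " + cert_error)
    if status == 404:
        findings.append("https-not-served: 404 over HTTPS")
    if status in REDIRECTS and location:
        # A relative Location stays on HTTPS; only an absolute http:// URL
        # sends the visitor back to plaintext.
        if urlsplit(location).scheme.lower() == "http":
            findings.append("downgrade-redirect: " + location)
    return findings


def probe(host, path="/", timeout=10):
    """Request https://host/path once; return (status, location, cert_error)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    cert_error = None
    for _ in range(2):
        conn = http.client.HTTPSConnection(host, timeout=timeout, context=ctx)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            return resp.status, resp.getheader("Location"), cert_error
        except ssl.SSLCertVerificationError as exc:
            # Record the failure, then retry unverified only to see what the
            # site serves. The request carries no personal data.
            cert_error = exc.verify_message
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        finally:
            conn.close()
    return None, None, cert_error


if __name__ == "__main__":
    if len(sys.argv) > 1:
        observations = {h: probe(h) for h in sys.argv[1:]}
    else:
        observations = SAMPLES
    for host, obs in observations.items():
        print(host, assess(*obs) or ["ok"])
```

Run with one or more hostnames as arguments to probe live sites, or with no arguments to see the findings for the constructed samples.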

This points out the big difference between free-market and government-run operations.  Governments don’t have competition, and therefore have no real incentive to follow industry standards.  This slapdash effort would result in massive consumer rejection and some creative destruction in the free market that would release assets for use by more competent stakeholders.  In the public sector, with no worries about competition, it becomes a “dreamland” for incompetents.  And what we see this week is the result.

Forbes has a list of warnings for consumers who might get confused by scammers and fraudsters looking to take advantage of the low-information Internet users that are now required by law to purchase through these failing mechanisms.  KTNV gives us the thumbnail version:

Number one is the non-existent Obamacare card. You do not need to get an Affordable Care Act insurance card in order to buy coverage. There is no such thing.

Number two is the phone call from people pretending to work for the government and asking for personal information such as social security numbers. These people claim they are trying to verify eligibility for Obamacare.

Number three is the bogus Obamacare navigators. They claim to be able to help people through the sign-up process. Instead, they are stealing people’s information and identities. There are legitimate navigators but they were for agencies like the United Way.

Number four is the Medicare scare tactic. People over the age of 65 are being told that they will lose coverage if they do not sign up for ACA.

Number five are websites that look real but are not. Once again, this is an effort to collect personal information so that it may be used for fraudulent activities.

Perhaps a better rule of thumb is this, at least for the moment: if it’s working properly and seems to have security in place, it’s probably not the government site.



Comments

Who in the heck would be dumb enough to go online and give the government personal information regarding their healthcare? If the feds screw up, there is NO recourse.

BuckeyeSam on October 3, 2013 at 10:46 AM

Anyone entering any personal data on these sites should have his head examined.

The “Navigators” are going to be going door-to-door anyhow. I’m sure the SEIU and ACORN goons among them will be more entertaining to deal with than non-functional web sites.

Akzed on October 3, 2013 at 10:48 AM

As they say in Japan: “No effin way”.

Look on the bright side, the guy who steals your identity will probably die as he waits forever to get his ulcer treated.

Of course on the downside you will get a letter from the HHS telling you that you’ve died and are no longer covered, and the IRS will send you a bill for $10,000 because you failed to inform them that you had died.

Bishop on October 3, 2013 at 10:48 AM

Number three is the bogus Obamacare navigators. They claim to be able to help people through the sign-up process. Instead, they are stealing people’s information and identities. There are legitimate navigators but they were for agencies like the United Way.

Ask John McCain how to identify which navigators are the good ones and which are the scammers.

blammm on October 3, 2013 at 10:50 AM

OT: Obama’s yakking at a tent revival right now in Rockville, MD.

Oy. Why can’t he just do his job?

BuckeyeSam on October 3, 2013 at 10:54 AM

Forbes has a list of warnings for consumers who might get confused by scammers and fraudsters looking to take advantage of the low-information Internet users

LIV/LIIU–you mean the ones that brought you Disaster Care? They can suffer at the hands of their voting decision.

hillsoftx on October 3, 2013 at 10:55 AM

OT: Obama’s yakking at a tent revival right now in Rockville, MD.

Oy. Why can’t he just do his job?

BuckeyeSam on October 3, 2013 at 10:54 AM

Did Bark put his healing hands on someone’s face and draw out the evil Tea Party sickness they were suffering from?

“I’m tellin’ ya demon! Get OUT of their soul! Demon OUUUUUT! Praise me, brutha, you is healed!”

Bishop on October 3, 2013 at 10:57 AM

BTW: it’s fun to laugh at the Web site glitches, but the GOP or conservative groups should be tracking instances of fraud. This is the stuff that needs to be trumpeted.

BuckeyeSam on October 3, 2013 at 10:58 AM

On Tuesday my pastor was trying to research the different levels, options and costs of what we would have to pay under Obama-DemocratCare. It was not until he had to enter his SSN that he stopped and started scrutinizing the website to learn that it was not an official Obama-DemocratCare website! No telling how many people have given up their personal information and will now be vulnerable to identity theft.

fbcmusicman on October 3, 2013 at 10:59 AM

This is just a made up scare tactic. I’m sure scammers wouldn’t target someone’s healthcare info. /

oldroy on October 3, 2013 at 10:59 AM

Bishop on October 3, 2013 at 10:57 AM

Dadgum it, Bish!

Diet Coke all over my office monitor. Again.

kingsjester on October 3, 2013 at 10:59 AM

Bishop on October 3, 2013 at 10:57 AM

Sorry, I no longer listen to him. He’s a pathological liar. That said, he’s got that hardest-working-man-in-politics look going with his jacket off and his sleeves rolled up. Oh, and considerable arm waving.

BuckeyeSam on October 3, 2013 at 11:00 AM

BuckeyeSam on October 3, 2013 at 11:00 AM

If ya can’t dazzle ‘em with brilliance…

kingsjester on October 3, 2013 at 11:01 AM

In combination with #5 coming to your inbox and mine in the very near future…

We wanted to let you know that time is running out for you to sign up to get Federal Healthcare. Remember, it’s the law! The good news is, it’s easy. Just login to thisisforstupidpeople.com and register yourself and your family members! A few minutes of your time and you and your family will be covered by the Affordable Care Act.

Even I could run this scam, and I’m pretty low-level site design capable. Just wait, I give it a month for the horror stories about identity thieves in this whole mess to start. And remember, it’s the LAW!

UnderstandingisPower on October 3, 2013 at 11:04 AM

Sorry, I no longer listen to him. He’s a pathological liar. That said, he’s got that hardest-working-man-in-politics look going with his jacket off and his sleeves rolled up. Oh, and considerable arm waving.

BuckeyeSam on October 3, 2013 at 11:00 AM

Liar, you’re hanging on every word; you can’t fool me, homophobe.

As for the arm waving that’s to keep the flies away.

Bishop on October 3, 2013 at 11:04 AM

On Tuesday my pastor was trying to research the different levels, options and costs of what we would have to pay under Obama-DemocratCare. It was not until he had to enter his SSN that he stopped and started scrutinizing the website to learn that it was not an official Obama-DemocratCare website! No telling how many people have given up their personal information and will now be vulnerable to identity theft.

fbcmusicman on October 3, 2013 at 10:59 AM

One big security problem is there isn’t ONE “official” site. There are probably at least 100′s — all with similar sounding names.

Here’s a pop quiz. Which one is real without clicking on them to find out:

https://www.coveredcalifornia.com

https://www.coveredca.com/

Did you pass or fail?

UnderstandingisPower on October 3, 2013 at 11:07 AM

UnderstandingisPower on October 3, 2013 at 11:07 AM

Somehow I ended up at BigBootys.com though I’m not sure how. No really, I don’t know h…why are you looking at me like that?

Bishop on October 3, 2013 at 11:09 AM

LOL. One of the comments says the ONLY cure for this debacle is single-payer.
Dinna take long.

pambi on October 3, 2013 at 11:10 AM

#6: FREE OBAMAPHONES
#7: 75% OFF FIRST FOUR ABORTIONS

patman77 on October 3, 2013 at 11:11 AM

UnderstandingisPower on October 3, 2013 at 11:07 AM

Somehow I ended up at BigBootys.com though I’m not sure how. No really, I don’t know h…why are you looking at me like that?

Bishop on October 3, 2013 at 11:09 AM

Oh, so it’s YOU who is sexist? Or was it a homophobe? Uh, or was that Resist and was it racist?

So hard to keep the hate sorted out…

/

UnderstandingisPower on October 3, 2013 at 11:12 AM

Why is Forbes left having to warn us?

Any company wanting to protect its good name would be the source of warnings about the pitfalls which surround its product… and long before rollout.

mankai on October 3, 2013 at 11:13 AM

UnderstandingisPower on October 3, 2013 at 11:12 AM

Keep it up, misogynist, one call from me to HHS and you’re soylent. One call, best you remember that.

Bishop on October 3, 2013 at 11:14 AM

Just got this from a scammer:

We have a lot of visitors on the site right now.
Please stay on this page.

We’re working to make the experience better, and we don’t want you to lose your place in line. We’ll send you to the login page as soon as we can. Thanks for your patience!

Yeah, like I’m gonna fall for that.

mankai on October 3, 2013 at 11:17 AM

if I let this news…….it could really mess up my good day waitin fer the School Pie Supper tonight.

But I ain’t gonna let it.

Party at the Pie Supper tonight folks!

YeeeefreakingHawww

PappyD61 on October 3, 2013 at 11:17 AM

patman77 on October 3, 2013 at 11:11 AM

Via Drudge, the Tennessee group is offering phones !

Check out the latest drudge headline, too.

pambi on October 3, 2013 at 11:18 AM

The government has become the scammer.

Alinsky won!

faraway on October 3, 2013 at 11:18 AM

Money quote right at the end Ed
Zing!

cmsinaz on October 3, 2013 at 11:20 AM

Can someone explain to me why this all had to be done through government ‘exchanges’? Why couldn’t the healthcare insurance companies already offering plans have simply modified them to Obamacare mandates and continued to sell them the way they always have?

Subsidies for those eligible could have been handled through a revised withholding calculation. For those without enough existing withholding to be cancelled out by a subsidy, they could have set up a small government office to send the difference to the insurer. Even better, the insurers could have billed the government lump-sums quarterly for subsidies.

slickwillie2001 on October 3, 2013 at 11:21 AM

Keep it up, misogynist, one call from me to HHS and you’re soylent. One call, best you remember that.

Bishop on October 3, 2013 at 11:14 AM

I thought that was a company that sponged like millions or billions (it’s hard to keep up with everything) from the .gov and then went belly-up. But when I looked it up, it’s some kind of diet drink…?

Bankruptcy = dieting = federal healthcare scams

Yep. I see what you did there.

UnderstandingisPower on October 3, 2013 at 11:29 AM

Can someone explain to me why this all had to be done through government ‘exchanges’? Why couldn’t the healthcare insurance companies already offering plans have simply modified them to Obamacare mandates and continued to sell them the way they always have?

Subsidies for those eligible could have been handled through a revised withholding calculation. For those without enough existing withholding to be cancelled out by a subsidy, they could have set up a small government office to send the difference to the insurer. Even better, the insurers could have billed the government lump-sums quarterly for subsidies.

slickwillie2001 on October 3, 2013 at 11:21 AM

Clearly you do not know how Marxism works. Google: Cuba.

Hint: The government has to OWN you.

UnderstandingisPower on October 3, 2013 at 11:30 AM

Wow, who could have seen this coming?

Chris of Rights on October 3, 2013 at 11:31 AM

Anyone entering any personal data on these sites should have his head examined.

The “Navigators” are going to be going door-to-door anyhow. I’m sure the SEIU and ACORN goons among them will be more entertaining to deal with than non-functional web sites.

Akzed on October 3, 2013 at 10:48 AM

Really? A door-to-door campaign will be fraught with even more criminal activity!

Deafdog on October 3, 2013 at 11:35 AM

Perhaps a better rule of thumb is this, at least for the moment: if it’s working properly and seems to have security in place, it’s probably not the government site.

:) Great snark, Ed. Oh, so true.

INC on October 3, 2013 at 11:38 AM

The government has become the scammer.

Alinsky won!

faraway on October 3, 2013 at 11:18 AM

The government hates its subjects….they proved that yesterday at the WWII memorial.

Deafdog on October 3, 2013 at 11:39 AM

More fishy navigator stuff: In TN they are giving out Obamaphones already programmed with the numbers of the staff. Are the recipients being tracked? I would guess so.

And Seedco, the Acorn-like group that is providing navigators to Queen Sebelius, has already pled guilty to fraud on prior contracts!

PattyJ on October 3, 2013 at 11:57 AM

Anyone with an IQ over 40 would stay away from any of these sites at least until the end of the year.

Annar on October 3, 2013 at 11:58 AM

INC on October 3, 2013 at 11:38 AM

Truth, but ALSO .. if they ask you to provide your household income, it’s a fraud, as well.

OY.

pambi on October 3, 2013 at 11:59 AM

And Seedco, the Acorn-like group that is providing navigators to Queen Sebelius, has already pled guilty to fraud on prior contracts!

PattyJ on October 3, 2013 at 11:57 AM

Fraud is a prerequisite. It’s the price of entry into all things Democrat.

oldroy on October 3, 2013 at 12:08 PM

In combination with #5 coming to your inbox and mine in the very near future…

We wanted to let you know that time is running out for you to sign up to get Federal Healthcare. Remember, it’s the law! The good news is, it’s easy. Just login to thisisforstupidpeople.com and register yourself and your family members! A few minutes of your time and you and your family will be covered by the Affordable Care Act.

Even I could run this scam, and I’m pretty low-level site design capable. Just wait, I give it a month for the horror stories about identity thieves in this whole mess to start. And remember, it’s the LAW!

UnderstandingisPower on October 3, 2013 at 11:04 AM

Or, since a lot of people weren’t able to finish the application process, a phish email saying “We apologize for the problem in completing your affordable care application. The problem has been resolved and you should be able to complete your official application in less than five minutes at this link. Thank you for your patience.”

whatcat on October 3, 2013 at 12:16 PM

The main problem, says Budd, is that some of the state websites did not follow best practices for security—or even adequately brand themselves as part of the ACA. “To give credit, the Federal site is professional, well branded, and provides SSL,” said Budd, pointing out how HealthCare.gov automatically used SSL.

.
Everything I have turned up so far indicates the Federal site is nearly impossible to connect to and having the same problems getting information to “stick” once entered.

Hmmmmmmmmmmm

The “connecting” problem is symptomatic of a site seeing a Dedicated Denial Of Service attack – which the hackers of the world have had years to prepare … and which the SCOAMF administration would NEVER acknowledge as a problem.

The “information won’t stay in the system” is symptomatic of two likely scenarios:

1) The underlying data model is VERY poorly designed and rather than being highly normalized (i.e. each piece of data is only stored in one location) has the data stored in one place when entered but being looked for in another data field later in the process – this type of problem is structural and will permanently cause problems.

2) The security of the back end code (SSL is data transfer oriented) is very poor and has been hacked to force people to re-enter the data which is then being captured and forwarded out of the system to the hackers.

Ed, if you want to evaluate the value of a security analyst ask him/her for their experience with the “Chinese root kit” fiasco. You’ve got my email – I’ll give you specifics, if you don’t have them, on the greatest data heist never reported by the media.

PolAgnostic on October 3, 2013 at 12:32 PM

Can someone explain to me why this all had to be done through government ‘exchanges’? Why couldn’t the healthcare insurance companies already offering plans have simply modified them to Obamacare mandates and continued to sell them the way they always have?

Subsidies for those eligible could have been handled through a revised withholding calculation. For those without enough existing withholding to be cancelled out by a subsidy, they could have set up a small government office to send the difference to the insurer. Even better, the insurers could have billed the government lump-sums quarterly for subsidies.

slickwillie2001 on October 3, 2013 at 11:21 AM

That would be far too easy and makes too much sense. It’s been said many times before: the end goal here is to drive all those eeeviiilll insurance companies out of business and get to single-payer as fast as possible.

PatriotGal2257 on October 3, 2013 at 12:46 PM

slickwillie2001 on October 3, 2013 at 11:21 AM

This has been said many times before also: the debacle that is Obamacare has nothing whatsoever to do with health care. It’s totally about control, power and a massive transfer of wealth.

PatriotGal2257 on October 3, 2013 at 12:48 PM

I’m sure that Barry, Nancy and Harry will have all this figured out by the end of the week.

GarandFan on October 3, 2013 at 2:52 PM

This points out the big difference between free-market and government-run operations. Governments don’t have competition, and therefore have no real incentive to follow industry standards. This slapdash effort would result in massive consumer rejection and some creative destruction in the free market that would release assets for use by more competent stakeholders. In the public sector, with no worries about competition, it becomes a “dreamland” for incompetents. And what we see this week is the result.

They have no real incentive to follow the law either.

AesopFan on October 3, 2013 at 11:27 PM