Medicare open enrollment begins on Oct. 15, 2014 and extends through Dec. 7. Over the past few months, I’ve noticed a decidedly increasing number of emails purporting to be from Medicare premium providers and/or their representatives, which has increased to a veritable steady stream toward the end of September and beginning of October. I expect the amount to remain constant or actually increase somewhat till the period of open enrollment ends.
So Why Do Spammers Send these?
There is 1 basic reason these emails are being sent: money. So how do the spammers actually get money? That can happen in several ways.
1) They create a very official-looking website that requests various pieces of information in order for you to sign up for a Medicare plan. Such information may include:
date of birth,
possibly even a social security number.
They’ll also ask you to create a username and password, which they’re betting you use on more than 1 site (but you wouldn’t do that, right?). If you do, and if your email has a web interface (and what email doesn’t these days?), they could potentially try signing into your email account and determine which financial institutions you do business with if you bank online. From there, it’s a simple matter for them to log into your online banking if you use the same password there, or to request a password reset if you don’t. They may even change your email password, thereby locking you out of your email account while they log in to your bank and steal your money.
2) They can sell the information gained from you to criminals in underground forums, who in turn use it to commit identity and/or financial theft.
3) Their very official-looking website can be poisoned with malware. Once infected, your computer could be redirected to various websites in order to click on advertisements, and the spammers get paid for each click that occurs. Or, the computer could be used as part of a “distributed denial of service” (DDOS) attack. In these attacks, computers are formed into networks called “botnets”, which are under the control of the criminals’ command-and-control server. Each individual computer in a botnet is called a “zombie”. These botnets can then be used to flood legitimate websites, such as government or financial institutions with so much traffic that it makes the website unusable by legitimate visitors. So, in essence, your computer is helping criminals do their dirty deeds.
The requesting of personal information with criminal intent is called “phishing”.
So how do you protect yourself?
The first rule is not to click on any email links you receive. If you wish to go to a link, type the link directly into your web browser. So, to go to the Medicare site, for example, type:
Also note that legitimate sites will never contact you via email requesting information such as passwords, usernames, and social security numbers.
Another thing you can do to see where the email link points to is to right-click the link and select ‘Copy Link Location’ from the context menu that appears. In one of the latest spams I received, this is what came up:
That truly looks like something that would direct to a Medicare-related site, doesn’t it? (NOT!)! (note: the http prefix was eliminated so that the link could not be clicked).
Another thing to do is to look at the ‘From”‘ field of your email address. In this case, the idiot wasn’t even sophisticated enough to try to make you think it was coming from some sort of Medicare site–the address was simply
help47ka at falconbeakedjaculationgz dot com
Again note that I’ve changed the email address so as to not allow it to be clicked.
My suggestion is that if you’re looking to change your Medicare options, or even just explore those available to you, start by going to:
Whatever you do, don’t clikc on links you receive in emails!