The Federal Bureau of Investigation (FBI) has issued a warning about a scam where criminals pretend to be health insurance companies or their fraud investigators. These fraudsters are sending emails and text messages to individuals and healthcare providers, making them believe the messages are from legitimate health authorities.

The aim is to pressure people into revealing private health information, medical records, or banking details. They might also try to get money for supposed overpayments or services not covered by insurance.

Understanding the Scam’s Tactics

These messages, as per the FBI, are carefully crafted to look official, often designed to create a sense of urgency or even excitement. The criminals exploit human emotions, whether it’s fear of having made a mistake or the happy thought of receiving a refund.

For instance, Erich Kron, Security Awareness Advocate at KnowBe4, states that if someone is told they are due money back, they might quickly provide bank account information for the refund or personal details to “confirm their identity.”

“This tactic can be used to collect sensitive information such as Social Security numbers, physical addresses, email addresses, phone numbers, or much more, all of which can be sold on the dark web” Kron further explained in his comment shared with Hackread.com.

This allows the scammers to collect sensitive information, which can then be sold on illegal online marketplaces. These scams contribute significantly to cybercrime losses, with fraud accounting for a large portion of the $16.6 billion in total cybercrime losses the FBI reported in 2024.

How to Stay Safe

This ongoing threat highlights the importance of being careful when receiving unexpected communications about healthcare. To protect yourself from these scams, the FBI advises to be suspicious of any uninvited messages – emails, texts, or calls – asking for personal information. It’s crucial to never click on links in such suspicious messages.

Always use strong passwords for your online accounts and turn on Multi-Factor Authentication (MFA), which adds an extra layer of security. Most importantly, if you receive a message about your health insurance that seems questionable, contact your health insurance provider directly using a known, official phone number or website to confirm its legitimacy before sharing any details.