Insurance Impersonation Scams: How to Protect Yourself During Open Enrollment (and Year-Round)

gillisangela
Oct 8
2 min read

The same skills used to steal data are now being used to fake insurance claims. Knowledge is your best defense.

Open Enrollment is a prime time for scammers posing as Medicare, insurance carriers, or “benefits specialists.” Their goal? To trick employees or patients into revealing personal or financial information under the guise of updating coverage or avoiding cancellation.

Real insurance companies and Medicare will not call, text, or email to request payment or sensitive information. Yet impersonation scams are rising sharply—the FTC reported that impersonation was the #1 fraud category in 2024, with billions lost nationwide.

How the Scam Works

Unsolicited contact — A call, email, or text claims to be from “Medicare,” “Benefits Services,” or your insurance provider. Caller IDs and logos often look legitimate.
A sense of urgency — The message warns of “coverage cancellation,” “expired plans,” or “refund eligibility.”
The hook — Victims are asked to verify Social Security, bank, or Medicare numbers, or to click a payment link.
The escalation — Scammers use threats (“penalties if you don’t respond”) or emotional pressure (“your benefits will be canceled today”).

The safest response is to hang up, delete, and independently contact the insurer using a verified phone number or website.

Red Flags to Watch For

Requests for Medicare, Social Security, or financial information by phone, text, or email.
Demands for payment to replace or renew insurance cards.
Caller ID showing “Medicare” or your insurer, but with pushy or suspicious language.
Links to websites that aren’t .gov or your carrier’s verified domain.
Offers that seem “too good to be true,” such as rebates or new plans at no cost.

How Employers Can Protect Staff and Patients

Remind employees that official agencies don’t contact them for sensitive data over text or phone.
Centralize benefits communication—direct staff to one trusted HR or portal source.
Train for impersonation scams—include these examples in phishing simulations.
Create a “verification policy”—require call-backs to verified numbers before anyone shares protected information.
Encourage reporting. Employees should feel safe telling you about suspicious messages, even if they clicked.

If Someone Shared Information

Contact the insurer or Medicare immediately.
Change account passwords and enable multi-factor authentication (MFA).
Monitor credit reports and consider placing a fraud alert or freeze.
Report the scam to ReportFraud.ftc.gov to help others avoid it.

Closing Thoughts

Insurance impersonation scams thrive on fear and confusion—especially during open enrollment. A quick reminder to your staff and patients about how to verify legitimate communications can stop a breach before it starts.