Security firm McAfee warned Tuesday that hackers are likely to take advantage of the rollout of ObamaCare exchanges this week by launching phishing attacks aimed at stealing personal information.
Phishing attacks are designed to dupe users into revealing credit-card numbers or other confidential data by delivering phony links or attachments in emails and messages on social media sites.
“I can say with a high degree of certainty that they will come. We live in a world where people look at compelling events and look to do something malicious. This is just the nature of the beast,” said Gary Davis, vice president of global consumer marketing at McAfee, which is owned by Intel (INTC).
Like natural disasters or other major events, consumers searching for information about the new health-care exchanges are likely to be willing to disclose personal information in the coming weeks.
Given the confusion over the rollout, consumers may also be more easily fooled by deceptive messages claiming to be from the government or health-care providers.
“Identity is a currency like anything else. The more information you have on a consumer, the more you make,” said Davis.
The threat of phishing attacks comes in addition to glitches that have mired the insurance exchanges, which went live on Tuesday.
The federally-run site for ObamaCare, or the Affordable Healthcare Act, posted error messages for at least 25 of 36 eligible states due to heavy traffic, according to Reuters.
Maryland delayed the opening of its state-run health-care exchange by four hours due to connectivity problems.
“Identity is a currency like anything else. The more information you have on a consumer, the more you make."
- Gary Davis of McAfee
Like many forms of cyber attacks, phishing scams have become more sophisticated in recent years, highlighted by a number of high-profile schemes that hit media companies like The Associated Press earlier this year.
“They’re getting very good at what they do,” said Davis. “It’s important that consumers take a cautionary note before they do anything. Step back and explore a way to verify this is legitimate and the source.”
McAfee warned it is seeing an increasing number of phishing schemes that try to trick users on social media sites like Facebook (FB), LinkedIn (LNKD) and Twitter, which is set to go public later this year.
The security firm lists a number of specific ways users can defend against phishing attacks.
- Install patches on your operating system as soon as possible to prevent hackers from exploiting known security vulnerabilities.
- Download the most up-to-date version of your Internet browser to deploy the latest security measures
- Double check the domain name of a website to ensure it’s legitimate. Look for “https:” in the URL to confirm SSL encryption is being used
- Don’t click on links in unsolicited email and ignore messages that call users to action by saying “your account will be terminated.” Rely on the phone instead and be sure to use numbers verified outside of the e-mail.
- Be extra vigilant about downloading software and e-mail attachments from the Internet like free screen savers that may contain keyloggers or screen scrapers that can steal information.