It’s open enrollment season. Don’t be a target of health care scams

It is a crucial time of year for 24 million Americans Those who rely on health insurance purchased through the public market.

Open enrollment is season – November 1 to January 15 – When Americans choose and insure their health insurance plan for the following year. For anyone looking to purchase health care coverage for 2026, the next few weeks will be crucial. December 15 is the deadline for coverage to take effect on January 1.

But this importance (and urgency) is also what makes this a high-stakes time Online scammers He May Try to Exploit You Sophisticated cybercriminals often take advantage of consumers’ interest and anxiety about open enrollment, leading to identity theft, financial loss, and interrupted medical care.

Although open enrollment is essential to maintaining your coverage until next year, you need to be vigilant against sophisticated scams that target Medicare beneficiaries and Marketplace enrollees through impersonation, high-pressure sales, and benefits fraud.

A few key defensive strategies — combined with some technology tools and services — can help protect you, your personal data, and your money.

Here’s what a cybersecurity and healthcare expert says you can do to stay safe during open enrollment season.

Don’t miss any of our unbiased technical content and lab reviews. Add CNET As Google’s preferred source.

Why is open enrollment a prime target for scammers?

1. Urgency and confusion

The urgency of an open enrollment season is built into the program structure. There is a deadline, after all.

“In any of these periods where something is at stake, if you don’t act, there’s an urgency,” he says. Josh CamdjoCEO and co-founder of AI email security company Sublime Security. “It’s very normal for a scammer to try to take advantage of this.”

This is especially true with open enrollment, because the risks are so high. “A lot of people are prone to wanting to make sure their health care is recorded,” he says. Sharon Omah-IbaniyatDirector of Healthcare Sector Research at Info-Tech Research Group.

There can also be some natural confusion due to the complexity of health coverage in the United States. There is Medicare, Medicare Advantage, Medicaid, and different market tiers. This leaves consumers vulnerable to “simplified” offers that may come from scammers who promise to make things easier.

Screenshot of Medicare email — In 2025, California Health Advocates reported that a suspicious email was circulating regarding an alleged Medicare refund. Experts warn against these types of scams where you are lured with free money in exchange for handing over your personal data. Always contact your service provider using the number on your official insurance card to verify the legitimacy of the message.

California Health Advocates

2. High project contact volume

The formal open enrollment process, even without any bad actors, involves a lot of legitimate communications from government agencies and health care providers.

This creates an opportunity for scammers to use Phishing techniques Such as prank calls, emails, or text messages. Since consumers already expect a lot of calls or messages, scammers may try to blend into the chaos.

3. Target demographics

In general, Kamdjou says, “most attacks of this type are random.” “These are largely untargeted mass phishing attempts.”

However, some demographic groups may be more vulnerable to fraud than others.

Older Americans who may not be as tech-savvy, for example, may be more likely to respond to a scam call or message, Ouma-Ibanyat says.

Low-income Americans may also be targeted during this time. This is because “this enrollment process is a little unstable” from month to month, especially for those with Medicaid coverage. She says scammers look for and target those vulnerabilities, preying on people who have a real sense of urgency or a desperate need for care.

Anatomy of open enrollment scams

I asked our experts to extract the most common types of fraud to show how scammers work and the tactics they rely on.

1. Phishing/phishing

threat: Unsolicited calls, texts, or emails claiming to be from Medicare, HealthCare.gov, or a well-known insurance company like Blue Cross Blue Shield. The scammers demand immediate action, claiming that the beneficiary needs a “new card,” that their “coverage is about to expire,” or that they should “reverify” their Social Security or Medicare number.

“Caller ID can lie,” Oma-Ibanyat says, so don’t trust it.

Government agencies typically do not call out of the blue to request personal information or payment.

Health care scams — Scammers use high-pressure tactics in texts and emails to trick consumers into handing over their personal information.

WXYZ

2. False Benefits and Medicare Supply Plans

“Free” services: Providing free gifts, health screenings, genetic tests, or medical supplies in exchange for a Medicare ID number or other sensitive personal information. “Don’t click on any ads or freebies,” says Uma Ibanyat.

Fake discount plans: Selling “medical discount plans” that charge monthly fees but offer no real insurance or legitimate access to participating providers.

Protecting yourself: basic defense strategies

These practical steps can help you stay ahead of scammers and protect your information during filing season.

1. Protect your personal information

Never share your Medicare ID, Social Security number, banking information, or credit card information with an unsolicited caller, email, or visitor.

2. Check spam connection

Scammers use Caller ID impersonation To make calls appear legitimate. If someone calls claiming to be from a government agency or plan, hang up. Call the official number on the back of your insurance card or use the official government numbers found on any “.gov” website.

“Never trust caller IDs,” says Uma Ibanyat. “Anytime you feel pressured to do anything, always stop…and check.”

The official Medicare contact number is: 1-800-MEDICARE (1-800-633-4227)
The official contact number for the health insurance market is: 1-800-318-2596

Example of a Medicare health insurance card — To help protect your identity, share your Medicare card number and not your Social Security number.

Medical care

3. Use official sources only

You can only access enrollment portals via secure, official government websites (HealthCare.gov or Medicare.gov).

Always check the protocol “https://” and the domain “.gov”.

Seek free, reliable assistance through the official Marketplace Call Center or your State Health Insurance Assistance Program (SHIP). Never pay for registration assistance.

4. Recognize red flags

Any request to “act immediately” or face loss of coverage is a big red flag. Legitimate registrations allow time for review.

“You should never give information too quickly,” says Uma Ibanyat.

Be wary of brokers who offer expensive sign-up gifts, cash, or free checks in exchange for your Medicare ID.

5. Be wary of QR codes

The QR code on the phone on a green background consists of a symbol. — Avoid scanning QR codes related to open registration – A new type of scam involves scanning QR codes instead of clicking on links.

Dragon Claw/Getty Images

A new type of open enrollment scam in recent years has involved the use QR codesrather than malicious links, in phishing emails, according to Kamdjo.

Avoid scanning QR codes related to open registration. As Kamdjou notes, Medicare.gov probably won’t send you a QR code. “It’s used as a way to bypass security solutions,” he says.

6. Monitoring and reporting

Check your Explanation of Benefits (EOB) statements regularly for unauthorized charges or services you did not receive. Immediately report suspected fraud to 1-800-MEDICARE or Federal Trade Commission (Federal Trade Commission).

7. Don’t be too hard on yourself

Even if you do everything right, there is still a chance of falling into a scam.

“When it comes to fraud, it’s more a manipulation of psychology than anything else,” says Ouma-Ebanyat, meaning everyone is vulnerable to fraud.

“Don’t take it personally, it happens to the best of us,” says Kamdjo. Instead, learn from your mistakes to better protect yourself next time.

8. Beware of fraud from legitimate brokers and agents

The broker or agent you use to enroll the ACA or Medicare may be a bad representative. Look for bad behaviors such as:

Income Misstatement (ACA): Rogue agents or web brokers encourage or induce applicants to intentionally misrepresent household income to qualify for higher benefits, which is fraudulent.

Unauthorized recording: Switching an individual’s health plan without their explicit consent, often to earn higher commissions. This is known as a “plan switch” or “lockout.”

Charging for free services: This occurs when navigators or certified application counselors, who are legally required to provide assistance for free, illegally charge fees for registration assistance.

Consider an identity theft or credit monitoring service

In addition to basic online security hygiene (strong passwords, verify all contacts, and pause before giving out personal information), you may want to consider identity and theft protection services to protect against healthcare fraud.

The services below have a wide range of features, costs, and fees. CNET tests and recommends Best identity theft protection servicesBut here’s a breakdown of some common features.

Credit monitoring and alerts: The three major credit bureaus (Equifax, Experian, and TransUnion) can. Track your credit report We send you alerts about any major changes, like a large new credit limit or loan on your record.
Dark web monitoring: Once scammers have stolen your information, they often try to sell it on the dark web. Dark web monitoring services can alert you if your personal information ends up there, and provide recovery support if that happens.
Public records monitoring: Some identity monitoring services Includes the ability to monitor public records (such as court files or property deeds) to alert you if your information appears where it’s not supposed to be, indicating possible identity theft.
Freeze/Credit Lock: If you find yourself in the middle of a scam, or accidentally disclose sensitive information, you can contact your banks and credit card companies to “Freeze” your accounts, Which will prevent scammers from accessing your money.
Financial account alerts: Many banks and financial institutions can notify you of any unusual activity or large transactions, which may alert you to potential fraudulent activity.
Multi-factor authentication: Enabling two-step authentication on your online accounts is an excellent way to protect against hackers. Even if they manage to steal your password, it is very difficult to access your account if it requires a verification code sent to your phone number.

2fa — Enable multi-factor authentication (2FA) to protect your accounts.

Matt Elliott/CNET

Use a password manager service: A password manager helps you create and store strong passwords, which can protect you from fraudsters trying to access your passwords or accounts. CNET recommends Bitwarden And a A few others.
Identity recovery services: Some identity theft monitoring and protection products also offer “recovery” services. The best ones offer a white glove recovery service, which assigns a fraud specialist to your case to do the heavy lifting of recovering your identity, According to CNET experts.
Think about antivirus software: A Good antivirus software On your computer it can filter out some attempts by hackers to send you fraudulent communications or access your sensitive information.