Monday, December 9, 2013

Security Warning: Can Direct Users to Fraudulent Sites

This is from Mark Steyn writing in the National Journal

When Ted Cruz suggested that “Nigerian email scammers” built the Obamacare websites, the Nigerian Ambassador demanded he apologize.

New problems emerged on Friday, with a Capitol Hill source drawing attention to an apparent scam in the system. The source detailed how, after telling the user the password was incorrect, the site directed the individual to a “forgot password” page — which then asked for highly personal information. 

“On that page I was asked for my check card number and my ATM pin,” the source said. “I was fairly confident this was a scam so I called customer service. After a 103 minute hold time, I was told that this was indeed a scam.” 

The explanation is not exactly reassuring:

Some shoppers are being directed from the insurance website to an outside site that appears nearly identical to the real exchange, officials confirmed Friday. The fraud is widespread enough that they’re considering adding disclaimers to its website to warn users against divulging their check card or PIN numbers.

“Yes, we have heard of it. There is definitely a phishing scam from an outside source,” said Richard Sorian, a spokesman for D.C. Health Link.

Hey, don’t worry. It’s not us, just some guy who’s hijacked our website.