Open Enrollment = Open Season for Scammers

You have to give scammers credit, as they are a creative bunch. While most of us think of the annual open enrollment period for employee benefits as a non-event, scammers see it as an opportunity.

Just last month we’ve seen suspicious sites targeting employees of some of the largest corporations. In one particular example, a cybersquatter registered a domain name that closely mimicked the open enrollment benefits page of a Fortune 500 company. To illustrate using a generic company name, the squatted domain was ‘,’ whereas the real company benefits page resided on the subdomain ‘’ The cybersquatter was clearly counting on employees forgetting to type the period in the subdomain and landing on its fake site instead.
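The "dropped period" trick described above is mechanical enough to monitor for. The following is an added example (not code from the original post, and not a tool the company in question used): it takes a list of legitimate benefits hostnames, generates the look-alike domains an outsider could register by deleting one dot, and flags any that show up in a feed of observed registrations. The hostnames and the registration feed are constructed sample data, and the registrable-domain logic assumes a simple two-label suffix (a real tool would consult the Public Suffix List).

```python
"""Generate 'dropped dot' look-alike domains for a set of legitimate hostnames
and flag any that appear in a list of observed domain registrations.

Added example; hostnames and the registration feed below are constructed."""

from typing import Dict, Iterable, List


def registrable_domain(host: str) -> str:
    # Assumption: the registrable domain is the last two labels.
    # Production code should use the Public Suffix List (e.g. "co.uk").
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def dot_drop_variants(host: str) -> List[str]:
    """Hostnames formed by deleting exactly one dot, keeping only those whose
    registrable domain differs from the original (i.e. an outsider could
    register it). The TLD label is never merged, since 'examplecom' is not a
    real suffix and could not be registered anyway."""
    labels = host.lower().strip(".").split(".")
    legit = registrable_domain(host)
    variants = []
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        candidate = ".".join(merged)
        if registrable_domain(candidate) != legit:
            variants.append(candidate)
    return variants


def flag_squats(legit_hosts: Iterable[str], observed: Iterable[str]) -> Dict[str, List[str]]:
    """Map each legitimate host to observed registrable domains that match one
    of its dropped-dot variants. Comparison is on the registrable domain, so
    'www.benefitsexample.com' in the feed still matches 'benefitsexample.com'."""
    observed_reg = {registrable_domain(d) for d in observed}
    hits: Dict[str, List[str]] = {}
    for host in legit_hosts:
        candidates = {registrable_domain(v) for v in dot_drop_variants(host)}
        matches = sorted(candidates & observed_reg)
        if matches:
            hits[host] = matches
    return hits


# Constructed sample data: a company's real benefits hostnames and a
# hypothetical feed of recently registered domains (e.g. from a zone-file diff).
LEGIT_HOSTS = [
    "benefits.example.com",
    "hr.benefits.example.com",
    "enroll.example.com",
]
OBSERVED_FEED = [
    "benefitsexample.com",      # the dropped-dot squat of benefits.example.com
    "www.enrollexample.com",    # squat of enroll.example.com, seen with a www label
    "example-benefits.net",     # look-alike, but not a dropped-dot variant
    "hrbenefits.example.com",   # under the company's own domain, not flaggable
]

if __name__ == "__main__":
    for host, matches in flag_squats(LEGIT_HOSTS, OBSERVED_FEED).items():
        print(f"{host}: possible squat(s) {matches}")
```

In practice the flagged candidates would then be checked with WHOIS and DNS lookups to see whether they are registered and where they resolve; a parked pay-per-click page is the signal described in this post, and a match should be watched until the domain is recovered rather than dismissed because the content is currently benign.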

The squatted site contained numerous links to benefits-related pay-per-click sites (see screenshot). While it may have been the intention of the scammer to generate incremental revenue from employees who clicked through on the links, it is also very possible that the scammer was planning on changing the content to something more malicious such as a phishing site. We often see scammers employ this tactic to avoid any immediate takedown action and to maximize their ploys.

Fortunately, the Fortune 500 company in this case was actively monitoring for potential attacks on its brand and caught and remedied the situation quickly. (The squatted domain was recovered and now redirects to the company’s real benefits page.) If the site had gone undetected, you can just imagine the havoc this would have created if the site morphed into a phishing site and even a minute percentage of the company’s tens of thousands of employees had unknowingly landed on the site and disclosed their personal credentials.

So, what’s the takeaway from this? While most brand owners know to monitor for online scams associated with new product launches or announcements, they also need to be extra vigilant around recurring company events such as open enrollment periods, sales events, community events, etc. If an event is predictable, it’s very easy for scammers to devise a socially engineered scam that preys on customers’ and employees’ anticipation of the event.