Cybercrooks use fake websites to harvest health insurance data

SIDN identifies more than 450 phishing sites exploiting health insurers' brand familiarity

Cybercrooks are looking to scam Dutch people when they review their health insurance cover. That's the conclusion of a study by SIDN (the Foundation for Internet Domain Registration in the Netherlands). The study found more than 450 phishing sites with domain names like the names of well-known health insurers. That's very worrying with the Dutch government's annual policy presentation approaching, because many people weigh up their health insurance options in the period just after the statement.

Typosquatting

A trick known as 'typosquatting' is central to the scams. It involves registering a domain name that's nearly the same as the name of a trusted brand or organisation. So you might easily type it by mistake, or not notice the difference if you saw the name. The crooks link the lookalike domain name to a fake website, which some people then land on when looking for the brand or organisation in question. The domain names are also used in adverts that appear in your search engine when you search on related keywords. One of the most common typosquatting tactics is to trick people with a domain name that's like a big company's name except that the letter 'o' has been replaced by a zero. People glancing at the name often overlook the difference and think that they're visiting the company's site, when really it's a fake.

Analysis

SIDN used the Domain Name Surveillance Service (DBS) to find all the domain names that incorporate or closely resemble the names of Dutch health insurers. The scan got more than 14,500 hits. The flagged domain names were then classified using an automated procedure that looks at various characteristics. The classification process isn't 100 per cent reliable, but gives a strong indication of how the domain names are being used.

Univezorgzaam.nl

More than half of the domain names identified by the initial scan seemed to be linked to normal websites. However, the classification indicated that 3 per cent of them (451 domain names) were being used for phishing. One was 'univezorgzaam.nl'. Dutch internet users could easily expect that domain name to belong to a website or app run by Univé, one of the country's biggest health insurers. It actually leads to appsware.com and a screen encouraging visitors to install a 'secure browser'. In reality, the browser is far from secure, but incorporates hard-to-remove malware. Scammers are exploiting Univé's brand familiarity to distribute malicious software. The procedure to get the website taken down is currently in progress.

Health Insurence data are worth money

"We're seeing more and more internet crooks jumping on the bandwagon when a topic is in the news or a new tool or service comes in. Scams linked to health insurance are part of that trend. It's therefore important that insurance companies are on the lookout in the busy period after the government's annual policy presentation," says Roelof Meijer, SIDN's CEO. "Scammers are really keen to get hold of health insurance data. On the black market it can even be worth more than credit card details, because it can be used to make fraudulent claims."

Comments

  • Tuesday 28 January 2020

    Knowledge

    Freedom Internet: an ISP that puts privacy first

    Thumb-teenager-in-yellow-raincoat

    An interview with CEO Anco Scholte ter Horst

    Read more
  • Tuesday 16 July 2019

    SIDN Labs

    TimeNL: the transparent new NTP service from SIDN Labs

    Thumb-LCD-clock-display-macro

    The importance of accurate time measurement and synchronisation

    Read more
  • Monday 11 November 2019

    Knowledge

    You can't compare apples with pears

    Thumb-pears-and-apples

    CENTR's RRDG working group gets to grips with data standardisation

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.