What is Phishing?

Scammers use various phishing techniques to lure users into providing sensitive personal information. They pose as legitimate companies and reach out to targeted victims in a variety of ways:

  • Email
  • Text messages
  • Phone calls
  • Social media

Fraudsters can be very compelling with believable stories and may use personal details obtained from the Internet. They use “urgent” requests to try to convince their prey to divulge sensitive information such as:

  • Usernames
  • Passwords
  • Social security numbers
  • Account numbers
  • Personal identification numbers

Protect your account

Here are a few things that you can do help reject phish bait:

  • Log into your account: As soon as your account is open, log in and create a unique and secure password. Don’t use the same password for multiple sites.
  • Use unique passwords: We recommend creating a strong and unique password specific to your HealthEquity account.
  • Don’t click on email links: If you are asked to urgently sign into your account, type in the website yourself that you know is correct. HealthEquity.com is our official site where you can access the secure login page.
  • Learn to identify “phishy” details: Understand what to look for to uncover an email scam. Here are some common giveaways:
    • Subject line is “Urgent” or “Immediate Action”
    • Sender name looks odd or unfamiliar
    • Dear Customer... The greeting is not personalized with your name
    • Please confirm your identity... Legitimate sites won’t ask to verify identity
    • Misspellings and grammatical errors, including UK spellings
    • Attachments: Unless you requested a document from HealthEquity to be sent via email
    • Links that look modified or unusual (healthequ1ty.com or the link may not contain healthequity)
    • Vague information
  • Look for secure site indicators in any included link. Authentic login sites have certificates of security indicated by a locked keypad icon by most browsers or an “s” added to the url, i.e. https://www...
  • Enable email notifications to alert you when information has changed on your account
  • Review your transaction history frequently
  • When in doubt, call HealthEquity direct 24/7 at 866.346.5800.

Report an attack

If you feel you have received an email from a scammer posing as HealthEquity:

  • Forward the entire email to phishing@healthequity.com
  • If you clicked on links or provided sensitive HealthEquity information to a suspected scammer, call member services immediately at 866.346.5800. We’re available 24/7.
  • Report the email to the Federal Trade Commission by forwarding it to spam@uce.gov.

The number of detected phishing sites in March 2016 was 277% higher than in November 2015.


The financial industry is the second largest phishing target

Source: Anti-Phishing Working Group, Phishing Activity Trends Report, May 23, 2016