What is Phishing?

Scammers use various techniques to lure individuals into providing sensitive personal information that they can use for fraudulent activity. Phishers often pose as legitimate companies and reach out to targeted victims in a variety of ways through emails, text messages, phone calls, social media, etc.

Fraudsters can be very compelling with believable stories and may use personal details obtained from the internet to ‘reel in’ your information, such as:

  • Username
  • Password
  • Social security number
  • Account number

Don't get hooked!

HealthEquity is working around the clock to keep our security practices up-to-date, but you are the first line of defense when it comes to keeping yourself off the hook. Here are a few things that you can do to create your own ‘no phishing’ zone:

  • Log into your account: As soon as your account is open, log in to My.HealthEquity.com and create a secure username password.
  • Use unique passwords: We recommend creating a strong password unique to your HealthEquity account. Be creative! You might consider replacing letters with numbers or symbols.
  • Don’t save passwords in your browser: While saving passwords is very convenient, it makes it much easier for an attacker to access your account if your computer is compromised.
  • Don't click on email links: If you are asked to sign in to your account, type the website that you know is correct into your internet browser. My.HealthEquity.com is our official secure login page.
  • Learn to identify phish bait: Understand what to look for to uncover an email scam. Here are some common giveaways:
    • Subject line is 'urgent' or requires 'immediate action.' Fraudsters want you to act without thinking.
    • Sender name looks odd or unfamiliar
    • The greeting is not personalized with your name. Why trust someone who doesn’t know your name?
    • Misspellings and grammatical errors, including UK spellings
    • Links that look modified or unusual (i.e. healthequ1ty.com)
    • Attachments: Never open an email attachment you didn’t request, they may contain viruses or malware
  • Look for secure site indicators in any link: Authentic login sites have certificates of security indicated by a locked keypad icon by most browsers or an 's' added to the url (i.e. https://www...)
  • Enable email notifications to alert you when information changes on your account.
  • Review your transaction history frequently and report any suspicious activity immediately.

Report an attack

If you feel you have received an email from a scammer posing as HealthEquity:

  • Forward the entire email to phishing@healthequity.com
  • If you clicked on links or provided sensitive HealthEquity information to a suspected scammer, call HealthEquity Member Services immediately at 866.346.5800. We’re available 24/7 to assist you.
  • Report the email to the Federal Trade Commission by forwarding it to spam@uce.gov.

The average user receives 16 malicious emails per month.

Symantec 2018 ISTR, https://blog.barkly.com/phishing-statistics-2018


46% of U.S. survey respondents have fallen victim to a phishing scam.

https://www.wombatsecurity.com/phishing


Email scams cost organizations $676 million in 2017.

FBI's Internet Crime Report, https://pdf.ic3.gov/2017_IC3Report.pdf


The number of phishing websites rose 46% in 2018.

https://docs.apwg.org/reports/apwg_trends_report_q1_2018.pdf


76% of companies were targeted by phishing scams in 2017.

https://www.wombatsecurity.com/state-of-the-phish