Phishing Alert: HSA Important Message Email

Phishing AlertSMU Human Resources has circulated a notice that several SMU employees were targets of a phishing campaign masquerading as the managing services for the University’s Health Savings Account (HSA). Unfortunately, the phishing incident occurred shortly before BenefitWallet sent legitimate direct emails about the member portal upgrade to SMU employees enrolled in an HSA.

Details from the original BenefitsU notice from HR is below:

Phishing Incident

SMU Human Resources was notified late yesterday of a phishing email that was sent to individuals enrolled in a BenefitWallet Health Savings Account (HSA).  The phishing email was sent the week of June 26th from an unauthorized email address, ‘BenefitWallet® [mailto:noreply@mybenefitwallets.us]’.  The subject line of the phishing email is ‘HSA Important Message – Action Needed’.  

The BenefitWallet HSA participants who were tricked by the phishing email clicked through to a fake BenefitWallet look-alike portal. They then provided their user name and password. The fraudsters collected this information, used it to sign onto the real BenefitWallet site, and transferred funds from these accounts.

The fraudulent website and email domains were shut down last night so there is currently no risk to other BenefitWallet accounts.  Regardless, if you received the phishing email and it is still in your SMU or personal email Inbox, please delete it from the Inbox and the Deleted Messages box.

BenefitWallet has confirmed that the source of the email addresses used by the fraudsters did not come from Conduent, BenefitWallet, or any of their service partners. While it has not yet been determined how the criminals obtained the email addresses, BenefitWallet is working with law enforcement to identify and prosecute the perpetrators.

New BenefitWallet Member Portal

Unfortunately, the phishing incident occurred shortly before BenefitWallet sent a legitimate email to SMU HSA participants on June 28th, regarding an upgrade to their member portal.  The subject line of the legitimate email is ‘We’re Upgrading Your HSA – Action Needed’.  You can expect to receive additional emails from BenefitWallet regarding the upgrade and it is important that you follow the instructions provided.  If you have any concerns about the legitimacy of these emails, please contact BenefitWallet at (877) 635-5472 before opening.

If you have questions regarding your account or the new member portal please contact BenefitWallet at (877) 635-5472.

Please remember to be on the lookout for these types of phishing emails, and always guard your password carefully.

Published by

Ian Aberle

Ian Aberle is the IT Communications Specialist and Trainer for the Office of Information Technology (OIT) at Southern Methodist University (SMU). He started at SMU in 1996 and for much of his career at the University had managed the SMU STAR Program before joining the Training & Communications Team in 2015. In his free time, Ian enjoys photography and road trips with his family. You can see examples of when the two collide at http://ianaberle.com.