Phishing Alert: HSA Important Message Email

Phishing AlertSMU Human Resources has circulated a notice that several SMU employees were targets of a phishing campaign masquerading as the managing services for the University’s Health Savings Account (HSA). Unfortunately, the phishing incident occurred shortly before BenefitWallet sent legitimate direct emails about the member portal upgrade to SMU employees enrolled in an HSA.

Details from the original BenefitsU notice from HR is below:

Phishing Incident

SMU Human Resources was notified late yesterday of a phishing email that was sent to individuals enrolled in a BenefitWallet Health Savings Account (HSA).  The phishing email was sent the week of June 26th from an unauthorized email address, ‘BenefitWallet® [mailto:noreply@mybenefitwallets.us]’.  The subject line of the phishing email is ‘HSA Important Message – Action Needed’.  

The BenefitWallet HSA participants who were tricked by the phishing email clicked through to a fake BenefitWallet look-alike portal. They then provided their user name and password. The fraudsters collected this information, used it to sign onto the real BenefitWallet site, and transferred funds from these accounts.

The fraudulent website and email domains were shut down last night so there is currently no risk to other BenefitWallet accounts.  Regardless, if you received the phishing email and it is still in your SMU or personal email Inbox, please delete it from the Inbox and the Deleted Messages box.

BenefitWallet has confirmed that the source of the email addresses used by the fraudsters did not come from Conduent, BenefitWallet, or any of their service partners. While it has not yet been determined how the criminals obtained the email addresses, BenefitWallet is working with law enforcement to identify and prosecute the perpetrators.

New BenefitWallet Member Portal

Unfortunately, the phishing incident occurred shortly before BenefitWallet sent a legitimate email to SMU HSA participants on June 28th, regarding an upgrade to their member portal.  The subject line of the legitimate email is ‘We’re Upgrading Your HSA – Action Needed’.  You can expect to receive additional emails from BenefitWallet regarding the upgrade and it is important that you follow the instructions provided.  If you have any concerns about the legitimacy of these emails, please contact BenefitWallet at (877) 635-5472 before opening.

If you have questions regarding your account or the new member portal please contact BenefitWallet at (877) 635-5472.

Please remember to be on the lookout for these types of phishing emails, and always guard your password carefully.

Print Friendly, PDF & Email

Published by

Ian Aberle

Ian Aberle is an Adobe Creative Educator and the Senior IT Communications Specialist & Trainer for the Office of Information Technology (OIT). For over 25 years, he has helped the SMU community use technology and implement digital and web media through multiple roles with the Digital Commons, SMU STAR Program, and now OIT. Ian enjoys photography and road trips with his family in his free time.