Obamacare launch spawns 700+ cyber-squatters capitalizing on Healthcare.gov, state exchanges
By JOEL GEHRKE | OCTOBER 23, 2013 AT 2:19 PM
More than 700 websites have been created with names playing off of Obamacare or Healthcare.gov, making it likely that some Americans will mistakenly hand over private information to unknown third-parties.
For instance, there is a website — www.obama-care.us
— that brands itself as part of the "Obamacare enrollment team," directs people to an "Obamacare enrollment form" and asks users for their name, address, Social Security number and other contact information. According to a counter at the bottom of the page, more than 3,000 people have visited obama-care.us.
This website does not actually enable people to enroll in Obamacare. It was registered with GoDaddy.com on Sept. 2 — less than a month before the official launch of the health care exchange websites — according to who.is, a website that provides information on internet domains and their owners.
The practice of setting up websites with names that are similar to high-profile pages is known as cyber-squatting.
It can be used by private businesses looking to siphon traffic away from their competitors, by marketers selling ads to private companies — by visiting a website, you're revealing your interest in a given product — or by identity thieves.
"[Obama-care.us] is so well deceptively designed that I had to research the owner to verify that it wasn't a government site," said a retired cybersecurity industry expert.
"It is owned by a company named 'Property Systems of Georgia,' and they own 167 other squatter sites," the expert said.
A less ominous website goes by the name "healthcare.com" — exactly the same as the website for the federal health care exchange, except that the official site ends with a dot-gov suffix.
Users attempting to find the Obamacare website will see a small Image of the White House on the left side of the page with a link promising to answer the question, "what does the new health care law mean to you?"
Healthcare.com offers to put people in contact "with top insurance agents and carriers in your state," because "when looking for quality and affordable plans, it is important that you talk to a licensed insurance agent."
The retired cybersecurity expert guessed, based on his experience in the industry, that healthcare.com could receive as much as 30 percent of traffic intended for the main federal exchange page.
He said that cyber-squatters generally siphon 10 to 40 percent of the a site's traffic, adding that the official Obamacare sites will likely be on the upper end of that range, given the large number of squatters.
To prevent cyber-squatting, professional website owners typically purchase domain names that are similar to the main page.
For instance, former Senate candidate Sharron Angle wanted to make sure that people who misspelled her first name by using only one "R" would still reach her website.
So she bought the domain name — sharonangle.com — and the page automatically redirects users to the proper website.
For the same reason, the owners of washingtonexaminer.com also own washingtonexaminer.net.
"I was shocked to find out that they have not picked up any of these other top-level domains," the cybersecurity expert said.
He also provided the Washington Examiner with a list of 221 websites that he identified, using proprietary software, as cyber-squatters taking advantage of the healthcare.gov rollout — websites such as healthcarer.com — and another 499 that he identified as squatting on state exchange websites.
Online security expert John McAfee predicted such a problem weeks ago. "There is no central place where I can go and say, 'OK, here are all the legitimate brokers and examiners, for all of the states,' and pick and choose one," McAfee told Fox News' Neil Cavuto.
"nstead, any hacker can put a website up, and make it look extremely competitive, and because of the nature of the system — this is health care, after all — they can ask you the most intimate questions and you're freely going to answer them."