Benefits Enrollment Scams and AI: What Businesses Need to Know

For most organizations, the end of the year brings a familiar ritual: open enrollment. Employees compare plans, HR teams answer questions, and inboxes fill with reminders and deadlines. 

Unfortunately, it’s also one of the busiest seasons for cybercriminals—because benefits enrollment creates the perfect cover for scams. And thanks to AI, those scams are becoming more polished, more believable, and much harder to spot.

In today’s threat landscape, bad actors can recreate company emails, mimic HR leaders’ writing styles, clone logos with pixel-perfect accuracy, and even generate convincing phone calls. The result is a rising wave of benefits-related fraud aimed at tricking employees into handing over sensitive information at the exact moment they’re expecting to receive messages about benefits.

Understanding the risks—and how to mitigate them—is no longer optional. It’s essential.

Why Open Enrollment Is Prime Time for Scammers

During enrollment season, employees are conditioned to expect frequent communication about health plans, deadlines, and required actions. Attackers know this. They also know that employees are more likely to click quickly when the message feels urgent or administrative in nature.

AI makes their job even easier. With a few prompts, scammers can generate:

  • Emails that match the wording, formatting and branding of your HR communications
  • Fake login pages that mirror real benefits portals
  • Deepfake audio voicemails supposedly from HR or a benefits provider
  • SMS messages with urgent reminders to “verify coverage immediately”

When people are busy, stressed, or trying to avoid missing enrollment deadlines, these tactics work.

Common Forms of AI-Driven Benefits Scams

Cybercriminals have become increasingly creative. Here are some of the most common schemes circulating during open enrollment:

1. Fake Open Enrollment Portals

Attackers send realistic emails directing employees to a fraudulent site. The login page looks identical to the real portal: same branding, same layout, and a domain that differs from the real one only by a subtle change (.co instead of .com, a single swapped letter, or the real hostname buried inside a domain the attacker controls). Once employees log in, the attacker captures their credentials.

What to watch for: URLs that don't exactly match the official portal (check the address bar after the page loads, not the link text in the email), broken links, login pages that don't load properly, or requests for information your HR team has never needed before. A padlock icon only means the connection is encrypted; it says nothing about who runs the site.
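The look-alike tricks described above can be checked mechanically, for example in a mail-filter rule or an internal "is this link real?" tool. The following is an added example written for this article, not code from the original page or from any benefits vendor. The official hostnames, the sample links and the small confusable-character table are constructed placeholders; an organization would substitute its own portal hosts. Public-suffix handling is simplified to "last two labels", which is wrong for domains such as example.co.uk.

```python
"""Flag open-enrollment links whose host only looks like the official portal.

Added example for this article, not code from the original page. The official
hosts, sample links and confusable table are constructed placeholders.
"""
import re
from urllib.parse import urlparse

# Constructed allowlist: the only hosts employees should ever enter credentials on.
OFFICIAL_HOSTS = {"benefits.example.com", "enroll.example-benefits.com"}

# Digits that phishers substitute for look-alike letters (deliberately small table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})

# Link text that itself names a host, e.g. "benefits.example.com" or "https://x.y/z".
HOSTLIKE = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL; a bare 'host/path' is treated as http."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").rstrip(".").lower()


def registrable_domain(host: str) -> str:
    """Last two labels, e.g. 'benefits.example.com' -> 'example.com'.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def fold(label: str) -> str:
    """Normalize a label so 'examp1e' and 'exarnple' compare equal to 'example'."""
    return label.translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'official', 'lookalike' or 'unknown'."""
    if not host:
        return "unknown", "no hostname"
    if host in OFFICIAL_HOSTS:
        return "official", "host is on the allowlist"
    reg = registrable_domain(host)
    official_regs = {registrable_domain(h) for h in OFFICIAL_HOSTS}
    if reg in official_regs:
        return "unknown", f"under {reg} but not an allowlisted host"
    for off in OFFICIAL_HOSTS:
        # benefits.example.com.login-verify.net: real name buried in a foreign domain
        if off in host:
            return "lookalike", f"official name {off} embedded in {reg}"
    sld, tld = reg.split(".")[0], reg.split(".")[-1]
    for off_reg in official_regs:
        off_sld, off_tld = off_reg.split(".")
        if sld == off_sld and tld != off_tld:
            return "lookalike", f"TLD swap: .{tld} instead of .{off_tld}"
        # One typo or one digit-for-letter substitution away from the real domain
        if edit_distance(fold(sld), fold(off_sld)) <= 1:
            return "lookalike", f"{sld} is one edit from {off_sld}"
    return "unknown", f"{reg} is not related to any official domain"


def classify_link(href: str, visible_text: str = "") -> tuple[str, str]:
    """Check the real destination and, when the link text names a host, compare
    the two: catches 'text says benefits.example.com, href goes elsewhere'."""
    verdict, reason = classify_host(host_of(href))
    text = visible_text.strip()
    shown = host_of(text) if HOSTLIKE.match(text) else ""
    if shown and shown != host_of(href):
        return "lookalike", f"link text shows {shown} but href goes to {host_of(href)}"
    return verdict, reason


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an enrollment phishing email.
    samples = [
        ("https://benefits.example.com/enroll", "benefits.example.com"),
        ("https://benefits.example.co/enroll", "Verify coverage"),
        ("https://benefits.example.com.login-verify.net/", ""),
        ("https://benefits.examp1e.com/", ""),
        ("https://enroll.exarnple-benefits.com/", ""),
        ("https://update-coverage.net/x", "benefits.example.com"),
        ("https://hr.example.com/", ""),
    ]
    for href, text in samples:
        print(f"{href:48} {classify_link(href, text)}")
```

The verdicts are deliberately coarse. "unknown" is not "safe": a host under the company's own domain that is not on the allowlist still deserves a question to HR, and any "lookalike" should be treated as a phishing attempt and reported rather than opened.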

2. Deepfake HR Messages

AI-generated audio or video messages can mimic HR leadership with unsettling accuracy. Employees may receive a voicemail reminding them to “update their dependent information via the link I emailed you earlier”—a link that leads to data theft.

What to watch for: Unusual requests, inconsistent tone, or contact from leaders who don’t typically send enrollment messages.

3. Enrollment “Help Desk” Scammers

Fraudsters pose as HR support or third-party benefits administrators, offering assistance via text or phone. They’ll “verify” Social Security numbers, dates of birth, or banking information under the guise of enrollment troubleshooting.

What to watch for: Unsolicited calls, pressure to provide sensitive details, or help desks reaching out before you asked for help.

4. Plan Change Phishing

Attackers send alarming messages: “Your health coverage has been terminated—resolve immediately.” The emotional jolt drives employees to click first and think later.

What to watch for: Threatening language, demands for immediate action, or emails that skip normal HR communication channels.

How Organizations Can Protect Employees

The good news: with awareness and the right controls, companies can significantly reduce the risk of enrollment-season fraud.

1. Communicate Early and Clearly

Let employees know exactly how HR will contact them, what official emails look like, and what information you will never ask for. Provide a sample of real communications to compare against.

2. Centralize Enrollment Links

Encourage employees to access enrollment portals through your company intranet or a bookmarked address, never through links in emails or text messages. This single step removes the attacker's main lever: if employees never log in from an emailed link, a convincing email and a cloned login page have nowhere to send them.

3. Train Staff on AI-Enabled Scams

Short, specific training works best. Teach employees to slow down, verify senders, and report anything suspicious.

4. Use Multifactor Authentication (MFA)

Even if an attacker steals a password, MFA can prevent them from accessing the benefits system or payroll. One caveat: one-time codes sent by SMS or app can still be captured by a phishing page that relays them to the real portal in real time, so where the benefits platform supports it, prefer phishing-resistant methods such as FIDO2 security keys or passkeys, which are bound to the genuine site's domain and will not work on a look-alike.

5. Establish a “Verify, Then Trust” Culture

Make it easy for employees to double-check communications before acting on them. A quick Slack message or email to HR, sent through a known-good channel rather than by replying to the suspicious message, should be encouraged, not treated as a nuisance.

Protect What’s at Stake

Benefits enrollment is stressful enough without cybercriminals exploiting the process. With AI making scams more sophisticated, organizations must get proactive—by educating employees, tightening communication practices, and promoting a culture of verification. Open enrollment should be about choosing coverage, not navigating threats. A little preparation now can prevent a lot of damage later.