FDIC-Insured - Backed by the full faith and credit of the U.S. Government

4/15/2026

Protect Your HSA: How to Spot Scam Emails

Scammers are sending fake HSA emails to steal account credentials. Learn how to recognize, avoid, and report these dangerous phishing scams.

What Is the Health Savings Account (HSA) Email Scam?

Cybercriminals are targeting individuals with fake HSA-related emails. These messages often claim there’s an issue with your account, a change to your contribution limits, or an urgent verification request. The emails mimic those from legitimate institutions but direct you to fraudulent sites designed to trick you into revealing your credentials or to give criminals unauthorized access to your funds.

How the Scam Works

Scammers send emails that appear to come from your health benefits provider, bank, or HSA administrator. These emails typically alert you to a supposed problem, like exceeding contribution limits or needing to confirm your identity. You are prompted to click a link that leads to a fake login page, where entering your personal credentials may allow criminals to access and misuse your HSA account.

Example of the Scam in Action

Michael received an “Urgent: HSA Account Alert” email claiming he had surpassed his annual contribution limit. The email included a “review your details” link for his account. Trusting the source, he entered his login info. Later, he discovered that his account had been compromised and funds had been withdrawn.

How to Protect Yourself From the HSA Email Scam

If you receive a suspicious email regarding your HSA, protect yourself with these steps:

  • Never click on suspicious email links. Instead, go directly to your provider’s website by typing the URL into your browser.
  • Verify the sender’s address. Scammers often use addresses that mimic official ones, but look closely and you’ll spot red flags like slight misspellings or off-brand domains.
  • Enable multifactor authentication (MFA). MFA adds a second layer of security, making it harder for scammers to access your account even if they get your login credentials.
  • Check account activity regularly. Early detection of unauthorized changes or transactions can help limit damage.
  • Keep your software and security tools up to date. Updated browsers and antivirus software may help detect or block suspicious behavior.

If You Think You’ve Been Scammed

If you believe you have fallen victim to the HSA email scam, follow these essential steps.

  • Contact us and any other financial institution you work with. If your account information has been compromised or if you have mistakenly given money to a scammer, let us know.
  • Report the scam to the FTC. File a report with the Federal Trade Commission at ReportFraud.FTC.gov. Inform your local law enforcement as well.
  • Report the scam to your state attorney general. You can find information at NAAG.org.
  • Warn others and raise awareness. Share your experience with coworkers, friends, and family so they can recognize and avoid similar scams.