Medicare scam calls surge as stolen data targets seniors during open enrollment

Medicare scam calls were already a familiar nuisance for many older Americans. During the most recent open enrollment season, they became something more dangerous. Recent reporting citing Better Business Bureau complaint data found Medicare scam complaints running 40% higher than a year earlier, while federal officials were separately dealing with a confirmed Medicare.gov account incident that exposed enough real beneficiary information to make fraudulent calls sound far more believable. That combination, a jump in scam activity and a pool of stolen personal data, created an unusually risky environment for seniors making time-sensitive coverage decisions.

Stolen Medicare data changed the script

The sharpest reason this story matters is that some scammers no longer have to guess. In a June 2025 notice, the Centers for Medicare & Medicaid Services said bad actors had used personal information from unknown external sources to create unauthorized Medicare.gov accounts. CMS said about 103,000 beneficiaries may have been affected and that the data used to create those accounts included valid Medicare Beneficiary Identifiers, coverage start dates, last names, dates of birth, and ZIP codes. CMS also said it would deactivate the fraudulent accounts and issue new Medicare numbers where needed. That changes the tone of a scam call immediately. A generic robocall is easy to ignore. A caller who already knows a beneficiary’s name, mailing area, birth date, or Medicare details sounds like someone who belongs inside the system. That is exactly why the latest wave has been so effective. The scam is not built on persuasion alone. It is built on verification theater, with the caller proving credibility by reciting information the target assumes only Medicare or a legitimate plan representative should know. The Federal Trade Commission warned in a consumer alert issued for Medicare open enrollment that scammers may sound professional, may already have some personal information, and may claim a beneficiary needs a “new” or “updated” Medicare card. The agency’s advice was blunt: real Medicare cards are mailed automatically for free, and true Medicare representatives will not unexpectedly call, text, or email asking for a Medicare number, bank account number, credit card number, or payment. That is the part many families underestimate. Once a scammer has enough information to sound legitimate, the conversation can quickly move from “confirm your details” to “protect your coverage” or “verify your bank account.” At that point, the call is no longer just irritating. It becomes a direct path to identity theft, fraudulent medical billing, or drained accounts.

Open enrollment gives fraudsters the perfect pressure point

Medicare’s annual open enrollment period runs from October 15 through December 7, a narrow window when beneficiaries are already reviewing plan notices, comparing prescription coverage, and watching for changes that take effect in the new year. That administrative churn creates exactly the kind of confusion scammers like to exploit. The FTC said scammers get more active during the period because beneficiaries are primed to expect messages about coverage and plan changes. Fraudsters know a call about a replacement card, a plan update, a prescription issue, or a billing review sounds more plausible in the fall than it does in the middle of summer. Urgency does the rest. A senior who hears that action is needed “today” to avoid losing benefits is more likely to stay on the line than someone getting the same pitch at another time of year. The broader fraud picture also shows why older adults remain such attractive targets. In an August 2025 data release, the FTC said reports from older adults who lost $10,000 or more to impersonation scams had risen more than four-fold since 2020. For victims who lost more than $100,000, combined reported losses climbed from $55 million in 2020 to $445 million in 2024. Medicare-themed calls are only one lane in that larger impersonation economy, but they fit the same pattern: trusted name, urgent problem, immediate request for money or sensitive information. Caller ID makes the problem worse, not better. The HHS Office of Inspector General warned that official HHS-OIG phone numbers have been used in spoofing scams, allowing callers to make it appear as though the contact is coming from a legitimate government line. For many older adults, that visible number is still the first and strongest test of credibility. Spoofing turns that instinct into a vulnerability. Enforcement officials are also signaling that the problem is not just the caller at the other end of the line, but the telecom pipeline that allows high-volume scam traffic to keep moving. In April 2025, California Attorney General Rob Bonta and a bipartisan coalition of attorneys general warned nine voice providers about transmitting substantial illegal robocall traffic, including Medicare scam campaigns. That matters because scam operations do not scale without carriers and intermediaries willing, or unable, to stop the calls from reaching consumers.

What readers should actually do

The clearest protection rule comes from Medicare itself: Medicare will not call to sell anything, and it will ask for personal information only in limited situations, such as returning a call a beneficiary initiated. In practical terms, that means an unexpected call asking for a Medicare number, Social Security number, bank information, or payment details should be treated as fraudulent until proven otherwise. Families should also stop treating these calls as harmless background noise. Scam pressure works through repetition. A parent or grandparent who gets multiple Medicare-themed calls a day can become worn down, especially if the caller already has enough correct details to sound official. A short weekly check-in about strange calls, letters, or plan “updates” is often more useful than a one-time lecture about fraud. It also helps to push older relatives toward known channels before any problem arises. The FTC says people who need plan help should use SHIP counselors, Medicare.gov, or 1-800-MEDICARE, not a number provided by an unsolicited caller. If fraud is suspected, consumers can report it through ReportFraud.ftc.gov and through Medicare’s own fraud reporting process. Those reports do not just document individual losses. They help regulators map the campaigns, the scripts, and the networks carrying them. The reason these scams feel more threatening now is simple. The callers are not just better talkers. In some cases, they are working from real beneficiary data, during the one part of the year when seniors are already expecting plan-related contact. That is what makes the latest spike more than another robocall story. It is a warning that stolen data and seasonal confusion are being fused into a sharper kind of fraud, one aimed squarely at people who can least afford to get it wrong.