Medicare email scams are the fastest-growing category of elder fraud in the United States. In 2025, the FTC reported over 147,000 elder fraud complaints tied to government impersonation, with Medicare-themed phishing responsible for more than $1.2 billion in losses. If you or someone you love receives Medicare-related emails, this guide will teach you exactly how to identify Medicare email scams — and what to do the moment one lands in your inbox.
Important fact
Medicare will never contact you by email to ask for your Medicare number, Social Security number, or bank account details. Any email claiming to be from Medicare and requesting this information is a scam.
What Do Medicare Email Scams Look Like?
Medicare email scams are designed to look indistinguishable from official government communications. Scammers invest in fake logos, government-style formatting, and official-sounding language to lower your guard. Understanding the most common formats is the first step to identifying Medicare email scams before they do damage.
The “New Medicare Card” Scam
This is the most common variant. The email claims your Medicare card has been updated or that you must verify your information to receive a new card. The email contains a link to a realistic-looking fake Medicare.gov site that harvests your personal information.
The “Free Medical Equipment” Offer
These emails offer free braces, wheelchairs, or other durable medical equipment covered by Medicare. To “claim your benefit,” you must provide your Medicare ID and insurance details. Scammers then bill Medicare fraudulently using your information, which can result in claim denials for legitimate care you actually need.
The “Overpayment Refund” Scam
You receive an email stating Medicare owes you a refund for an overpayment. To receive the money, you need to verify your bank account. There is no refund — only a drained account.
The “Coverage Cancellation” Threat
Fear is a powerful tool. These emails claim your Medicare coverage will be suspended or cancelled unless you verify your information within 24–48 hours. The manufactured urgency is designed to short-circuit your normal skepticism.
Red Flags to Watch For in Medicare Phishing Emails
Knowing how to identify Medicare email scams means training yourself to notice these specific warning signs:
- Sender address does not end in .gov — legitimate Medicare emails come from cms.hhs.gov or medicare.gov only
- Urgency language: "Act within 24 hours," "Your coverage will be suspended," "Immediate action required"
- Requests for Medicare ID, Social Security number, bank account, or credit card information
- Links that hover to reveal URLs with extra words (medicare-update-2026.com, not medicare.gov)
- Generic greetings like "Dear Medicare Beneficiary" instead of your actual name
- Poor grammar or spelling — many scam operations are run internationally
- Attachments labeled "Your New Medicare Card" or "Claim Form" — real Medicare does not email attachments
- Offers for free equipment, benefits, or cash refunds you did not request
Quick check
Before clicking any link in a Medicare-themed email, hover over it on a desktop computer. The actual URL should show in the bottom of your browser. If it does not end in .gov, close the email immediately.
Real Examples of Medicare Phishing Tactics in 2026
Scam tactics evolve constantly. Here are specific examples documented by security researchers and the FTC in the past 12 months:
Subject: “Your 2026 Medicare Supplement Renewal — Action Required”
Sent from “Medicare-Benefits@medicare-renewal-2026.net”. Contains a realistic Medicare logo and a link to a form requesting your Medicare ID and date of birth to “confirm your coverage continues uninterrupted.”
Subject: “You Have Unused Medicare Benefits Worth $847 — Claim by March 31”
A deadline-driven offer for free hearing aids. The landing page collects Medicare ID, SSN, and shipping address. Attackers use this to commit both identity theft and Medicare billing fraud simultaneously.
Subject: “IMPORTANT: Verify Your Identity to Avoid Medicare Suspension”
Uses AI-generated personalized body copy that correctly identifies the recipient's state and age group (sourced from data broker lists). The increased specificity makes this variant dramatically more convincing than older scams.
How to Protect Yourself and Your Family
Protecting yourself from Medicare email scams requires both behavioral habits and the right technical tools. Here is a practical action plan:
Behavioral Steps
- 01Never click links in unsolicited Medicare emails. Go directly to medicare.gov by typing it in your browser.
- 02Call Medicare directly at 1-800-MEDICARE (1-800-633-4227) to verify any email claim before taking action.
- 03Set up a rule: no Medicare decision happens within 48 hours of receiving an email. Urgency is always a red flag.
- 04Report suspicious emails to reportfraud.ftc.gov and forward them to stop.medicare.fraud@cms.hhs.gov.
- 05Tell your family members what you have learned. Social proof from a trusted family member is more effective than any article.
Technical Protection: Automated Detection
Behavioral habits help, but they require you to be alert every time. Given that the average senior receives 40+ emails per day, relying on vigilance alone is not a realistic defense. This is where automated email security becomes essential.
Glance's 4-tier detection engine analyzes every incoming email before it reaches your inbox. Government impersonation attempts — including Medicare phishing — are flagged at Tier 2 (heuristic analysis) through sender domain verification and keyword pattern matching, and again at Tier 4 (AI deep scan) which identifies manipulative urgency language and spoofed sender patterns that bypass standard spam filters.
Critically, Glance's Circle of Trust model means that if a Medicare-themed email from an unknown sender arrives, a designated family member is notified to approve or block it — before the recipient ever sees it. This creates a human checkpoint that no amount of AI-generated personalization can bypass.
Glance is free to start and takes less than five minutes to set up. If your parent has received a suspicious Medicare email in the past six months, there is a high probability they are on a targeted list and will receive more.
Protect Your Family FreeWhat to Do If You Already Responded to a Medicare Scam
If you or a family member has already clicked a link or provided information to a Medicare scam email, act quickly:
- 01Change your Medicare.gov password immediately if you clicked on any link.
- 02Call your bank to alert them and freeze your account if financial information was shared.
- 03Contact the Social Security Administration (1-800-772-1213) if your SSN was disclosed.
- 04Place a fraud alert with all three credit bureaus: Equifax, Experian, and TransUnion.
- 05File a report with the FTC at reportfraud.ftc.gov and with your state's attorney general office.
Frequently Asked Questions
Does Medicare ever contact you by email?
No. Medicare does not use email to communicate with beneficiaries. All official Medicare communications arrive by postal mail. If you receive an email claiming to be from Medicare, it is a scam.
What happens if I accidentally clicked on a Medicare scam link?
Do not enter any information on the site you were taken to. Close the browser immediately. Run an antivirus scan on your device. Then follow the steps in the "What to Do If You Already Responded" section above. Speed matters — the sooner you act, the less damage can be done.
How do Medicare scammers get my email address?
Your email address may appear in data broker databases, purchased mailing lists, or may have been exposed in a data breach. Medicare scammers often cross-reference these lists with demographic data to target people in the 65+ age group specifically.
Can I stop Medicare scam emails from reaching my inbox in the first place?
Standard spam filters catch some Medicare phishing emails, but sophisticated attacks — especially AI-personalized ones — frequently bypass them. Email security platforms like Glance use multi-layer analysis that specifically identifies government impersonation patterns and flags them before delivery, giving you or a trusted family member the chance to block them.
Make Medicare Scams Someone Else's Problem
Glance's AI detection blocks Medicare phishing before it reaches your inbox. Free forever for one protected account.
Get Protected Free