Threat: Phishing & impersonation

Fake HSA or FSA administrator claiming the health savings or flexible spending account balance will be forfeited if funds are not spent or claimed before the deadline — advance-fee or credential-harvest fraud; real HSA/FSA deadline communications come through authenticated benefit portals or postal notices, never cold email links claiming imminent forfeiture.

hsa-fsa-benefit-expiry-phish

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Fake HSA or FSA administrator (impersonating HealthEquity, WEX Health, Optum Bank, PayFlex, or Benefytt) claiming the recipient's health savings or flexible spending account balance will be forfeited if they do not spend or claim the remaining funds before the use-it-or-lose-it deadline. This is advance-fee or credential-harvest fraud targeting employee benefit anxiety. Real HSA/FSA administrators communicate account deadlines through authenticated benefit portals or postal notices; cold emails claiming funds will be forfeited unless the recipient clicks a link to "spend" or "claim" funds are either advance-fee fraud (leading to a fake spending portal that harvests payment details) or credential-harvest attacks.

Distinct from employee-benefits-open-enrollment-phish (employer open enrollment period) and healthcare-insurance-sbc-phish (SBC document): this signal targets the HSA/FSA balance-forfeiture / use-it-or-lose-it deadline narrative.

Detection: HSA/FSA/health savings/flexible spending account balance + forfeit/expire/deadline/spend/claim vocabulary + no List-Unsubscribe + no In-Reply-To + not protected sender.

Trash score: +3.

Source: GC1-R26; IRS FSA use-or-lose rules (Rev. Rul. 2005-24); EBSA benefit account fraud advisory; FTC health benefit scam patterns 2025.
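The detection conjunction above, written out as an added Python example (not Gorganizer's own code) and run over constructed sample messages. The regular expressions, the PROTECTED_SENDERS set, the helper names and all addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: stand-in for the protected-sender list, which the page does not publish.
PROTECTED_SENDERS = {"benefits@employer.example"}
# Vocabulary groups named in the detection line; the exact patterns are assumptions.
ACCOUNT_RE = re.compile(r"\b(hsa|fsa|health savings|flexible spending)\b", re.I)
URGENCY_RE = re.compile(r"\b(forfeit\w*|expir\w*|deadline|spend|claim)\b", re.I)
SIGNAL_SCORE = 3  # "Trash score: +3"

def make_msg(sender, subject, body, extra=""):
    """Build a constructed sample message (headers, blank line, body)."""
    return f"From: {sender}\n{extra}Subject: {subject}\n\n{body}\n"

# Constructed samples: one cold phish and three messages a guard should exclude.
PHISH = make_msg("HSA Administrator <notice@hsa-claims.example>",
                 "Your FSA balance will be forfeited",
                 "Claim your remaining funds before the deadline: https://portal.example/claim")
THREAD_REPLY = make_msg("hr@corp.example", "Re: FSA deadline",
                        "The deadline to spend your FSA balance is March 15.",
                        extra="In-Reply-To: <msg-1@corp.example>\n")
NEWSLETTER = make_msg("news@benefits-news.example", "HSA deadline tips",
                      "Spend your health savings wisely before funds expire.",
                      extra="List-Unsubscribe: <mailto:unsub@benefits-news.example>\n")
PROTECTED = make_msg("benefits@employer.example", "FSA deadline reminder",
                     "Unspent FSA funds are forfeited after the deadline.")

def body_text(msg):
    """Decode and join every text/plain part (handles base64 and quoted-printable)."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def hsa_fsa_expiry_signal(raw):
    """Return (score contribution, per-condition results) for one raw message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    sender = parseaddr(msg.get("From", ""))[1].lower()
    checks = {
        "account_vocab": bool(ACCOUNT_RE.search(text)),
        "urgency_vocab": bool(URGENCY_RE.search(text)),
        "no_list_unsubscribe": msg.get("List-Unsubscribe") is None,
        "no_in_reply_to": msg.get("In-Reply-To") is None,
        "not_protected_sender": sender not in PROTECTED_SENDERS,
    }
    # All five conditions must hold; any single miss yields no contribution.
    return (SIGNAL_SCORE if all(checks.values()) else 0), checks

if __name__ == "__main__":
    for name in ("PHISH", "THREAD_REPLY", "NEWSLETTER", "PROTECTED"):
        print(name, hsa_fsa_expiry_signal(globals()[name]))
```

The returned per-condition dictionary shows which guard suppressed the signal on a message that otherwise matches the vocabulary.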

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.

Ready to clean your inbox?

Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
