Covid-19 Contact Tracing Scams

Contact Tracing Scammers Are Still Active

With Covid-19 still very present in our day to day lives, many states have started to roll out contact tracing programs to help control the spread of disease. This is done by informing people who have come in contact with someone who has tested positive and warning them to watch for symptoms. But with anything new that starts, malicious actors are quick to jump on the bandwagon and exploit the chance to try and scam people out of personal and financial information.


These scams work by sending an unsolicited message to you via text, email, or a social media app. These messages will explain that you’ve come in contact with someone who has tested positive for Covid-19.  The message will instruct you to self-isolate and provide a link for more information. The link can contain malware that could cause harm to your device.


Another version of this scam involves a robocall claiming to be part of “contact and tracing efforts.” The call will inform you that you have come in contact with someone who tested positive for Covid-19. After you elect to speak to a representative, the “contact tracer” asks to verify your personal information. This starts with your full name, date of birth, but can quickly move to personal identifiable information and/or financial information.


Here are some tips to help tell if you are talking to a real contact tracer:

  • Contact tracers will ask you to confirm your identity, but not financial information. They will ask for you to confirm your name, address and date of birth. They may also ask about your current health, medical history, and recent travels. They will not ask for any government ID numbers or bank account details. 

  • Contact tracers will identify themselves. They should start the call with their name and stating that they are calling from the department of health or another official recognized organization.

  • Contact tracing is normally done by phone call. Not through social media or texting.

  • A real contact tracer will never reveal the identity of the person who tested positive. 

  • If you receive a link and are not sure if it is real, double check it. If the contact tracer is claiming to be from the government the URL should end in .gov (for the United States) or .ca (for Canada). 


If you live in Maryland, please visit https://coronavirus.maryland.gov/pages/contact-tracing for more information on Maryland’s contact tracing efforts. According to the link above, the caller ID for a Maryland contact tracer should be marked as “MD COVID”. If you do not have caller ID, the phone number you are looking for is (240) 466-4488.


If you do receive a message that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address or phone number is valid. Please forward the message (with the email headers) to security@umbc.edu.


How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970


For more information, please check out: 

https://www.bbb.org/article/news-releases/22560-scam-alert-covid-contact-tracing-work-inspires-copycat-scams


To read more articles published by DoIT visit: 

https://itsecurity.umbc.edu/critical/?tag=notice

https://itsecurity.umbc.edu/home/covid-19-news/?tag=covid19

Tags:

Posted: September 9, 2020, 7:52 PM