Scammer, Beware: Potential Census Vulnerabilities
2020 is well upon us and marks some significant events for us across the nation. Not only is it an election year, but this year brings about the 24th National Census. This iteration of the Census is also significant, as it is the first to be conducted with the option to respond online as well as by phone or mail. The Census Bureau has been hard at work to ensure the protection of our personal information, but that does not stop scammers from attempting to take advantage of this opportunity. This event could be very lucrative for scammers using both technological and social engineering-based attacks.
There are steps you can take now to protect yourself from becoming the victim of a scam or possibly having your identity stolen: familiarize yourself with the Census process, make sure you are speaking with actual Census workers, never hand out certain personal information, and, if you opt to respond online, make sure you are connected to the appropriate site.
To begin with, some important dates to keep in mind through this process are 15 March through 1 April and 1 May through 31 July. The Census Bureau will begin sending out notifications to take part in the Census on 15 March. The notifications should be completed by 1 April, which has been designated as Census Day. Then, from May until the end of July, the Census Bureau will reach out to anyone who has not previously responded to the Census. With these dates in mind, your first level of protection is knowing that the Census Bureau will only be trying to reach you from the middle of March to early April and then from May to July if you have not already responded. Any contact from someone claiming to be a part of the Census outside of those dates should be suspect.
The Census Bureau is sending out initial notifications over traditional mail. Any contact over the phone, email or other electronic sources should not be trusted. Scammers are likely to start sending email notifications with legitimate-looking graphics and information as a means to conduct phishing attacks. These phishing attacks could lead you to various types of follow-on attacks. For example, using phishing, scammers can trick potential victims into going to malicious websites. From there, your information can be harvested and used later for identity theft. Email phishing attempts can also be used to try to get you to click on links or open/view files that will then install malware onto your computer. When viewing any email, it is always a good practice to avoid clicking links or opening files unless you can absolutely trust the source of that email.
While the Census is collecting a lot of personal information, there are limits to what you can expect to be asked. There is an example of the Census available at 2020census.gov that you can familiarize yourself with. When responding to the Census or a Census worker, you should not be asked to provide any banking or financial account information, credit card numbers, Social Security numbers or credentials (login/passwords) for any of your accounts.
Census workers may be working in your neighborhood beginning in April. Just like with any other government agency, workers will have a displayed Identification Badge. That badge will have the worker’s photograph and a U.S. Department of Commerce watermark. The Census Bureau’s website also mentions workers could be carrying other supplies or bags with the Census Bureau’s logo. With Census workers being out and about, there are opportunities for scammers to impersonate workers and attempt to solicit personal information. Be wary of social engineering attempts and always ask for an ID before engaging in a conversation. Keep in mind, just like with the questionnaire, no worker should be asking for account numbers, credit card information or account credentials.
Lastly, if you choose to respond to the Census online, follow the instructions from the Census Bureau carefully. Scammers and hackers in the past have used typing mistakes in URLs to redirect users to malicious websites. Scammers will register domain names that are close in spelling, for example goooogle.com, to catch victims who mistype a URL (Uniform Resource Locator), or web address. Additionally, all interaction through Census webpages should be encrypted, meaning that within the URL bar of your browser you should see “https” and not just “http”. When you use webpages with “http” only, the communication between your device and the server could be easily compromised.
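The two checks in the paragraph above can be automated for links found in mail or messages. The following is an added example, not part of the original article: it accepts only an "https" URL whose host is 2020census.gov (the site the article names) or a subdomain of it, and flags near-miss spellings by edit distance. The function names and the two-typo threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only trusted domain is the one the article names.
TRUSTED_DOMAIN = "2020census.gov"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_census_url(url: str, max_typos: int = 2) -> str:
    """Classify a link as 'ok', 'not-encrypted', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact match or a true subdomain; "2020census.gov.example" does not pass.
    trusted = host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    if trusted:
        return "ok" if parts.scheme == "https" else "not-encrypted"
    # Compare the last two labels of the host with the trusted name, so a
    # near-miss spelling is flagged even behind a "www." prefix.
    candidate = ".".join(host.split(".")[-2:])
    if 0 < edit_distance(candidate, TRUSTED_DOMAIN) <= max_typos:
        return "lookalike"
    # The trusted name embedded in someone else's domain.
    if TRUSTED_DOMAIN in host:
        return "lookalike"
    return "unrelated"
```

A "lookalike" result is the case to treat as a likely scam; "not-encrypted" means the right site was reached without "https".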
This is an exciting time, as more and more of our everyday lives are conducted online. But with this transformation, newer risks are present and need our attention so that we do not fall victim to these potential scams.