Survey: Sketchy Coronavirus Messages Impersonate CDC, WHO Officials

Survey: Sketchy Coronavirus Messages Impersonate CDC, WHO Officials
Graphic: Nathaniel Blum

In the wake of the coronavirus pandemic, there’s been an outbreak of suspicious messages from sources who claim to be government health officials and private health providers, according to a recent survey of more than 2,000 Americans.

Top takeaways

  • BeenVerified found 29% of respondents received suspicious messages purported to be from government health organizations, such as the CDC or the WHO, followed by healthcare providers (15%) and state or local government officials (11%). Dubious messages from sources claiming to be from e-commerce sites, financial and insurance companies also were common (11% each).
  • Email is the top tool to transmit suspicious coronavirus messages. BeenVerified found 63% of respondents received questionable coronavirus messages were targeted by email, followed by phone calls (13%), text messages (11%) and social media messages (7%).

In all, 15% of the survey’s 2,320 respondents reported receiving some kind of suspicious correspondence related to the coronavirus pandemic.

Fraudulent messages are often phishing campaigns, where criminals mimic trusted institutions or businesses to lure victims into revealing vital data such as Social Security numbers, passwords, bank account numbers or other sensitive information to steal cash or even the victim’s identity.

“Scammers have a ready playbook to mimic government officials—as our previous studies show, they have been impersonating IRS and Social Security Administration officials for years,” said Justin Lavelle, spokesman for BeenVerified. “For fraudsters, this is just a flip of the script to take advantage of people’s heightened sense of fear during the pandemic.”

Scam messages: Who did they claim to be?

As noted above, government health organizations, health care providers and state and local governments were the most common source of suspicious messages. Also common were fake messages from e-commerce sites and financial institutions or insurance companies.

About 4% of suspicious coronavirus messages came from sources who claimed to be law enforcement officials or from travel/airline companies.

“Even before the coronavirus hit, we were seeing a raft of bogus messages on our Spam Call Complaint Monitor claiming to be from Amazon and FedEx,” Lavelle noted. “More recently, we’re seeing a spike in complaints about messages purporting to be from Netflix threatening to close user accounts—which, considering most Americans are sheltering at home, is bound to raise alarm bells.”

Scam messages graphic

Three major types of coronavirus impersonation scams

  1. CDC impersonation scams CDC impersonation scams. The CDC has warned of both voicemails requesting bogus donations and, perhaps more worrying, email phishing scams that download malicious software onto a victim’s computer. The con is typically delivered through an official-looking email that has an attachment purporting to provide updated health information from the CDC. When a victim opens the attachment, they unwittingly download viruses or malware onto their computer, potentially exposing their sensitive information.
  2. Coronavirus SSA impersonation scams Coronavirus SSA impersonation scams. The Office of the Inspector General from the Social Security Administration has warned of a new twist on the SSA impostor scam. COVID-19 SSA impersonation phone scams have relied on generating confusion among victims by suggesting that SSA benefits may be suspended or discontinued due to the coronavirus economic crisis. Other approaches have offered victims bogus benefit increases in exchange for a payment.
  3. Contact tracer impersonation scams Contact tracer impersonation scams. The newest type of coronavirus impersonation scam relies on con artists impersonating contact tracers and targeting victims via text messages. The FTC has warned that unsolicited text messages claiming to be from official agencies in charge of contact tracing are targeting victims and attempting to entice them to click on links, which may expose their mobile phones to malware and viruses and, unwittingly, reveal their personal and financial information.

Email most common type of bogus coronavirus messages

Email is the top way people are receiving dubious coronavirus messages, our survey suggests, accounting for 63% of suspicious communications. That’s followed by phone calls (13%), text messages (11%), social media messages (7%) and in-person approaches (2%).

“Email as the top method is disconcerting, as our recent data breach study found nearly six in 10 email accounts have been compromised,” Lavelle said. The email hack study further showed that 88% of users were unaware that their email information was leaked onto the dark web, the dodgy end of the internet where cyber criminals mine for potential victims.

Coronavirus spam messages by type

The CDC and the WHO have both issued warnings about scam attempts during the coronavirus outbreak. On April 27, the Federal Trade Commission reported nearly 28,000 coronavirus-related complaints so far this year, bilking victims of more than $20 million.

The FTC offers these tips to try and avoid coronavirus scams:

  • Ignore offers for vaccinations and home test kits, as scammers are selling products to treat or prevent COVID-19 without proof that they work.
  • Hang up on robocalls, which often open the door for crooks to steal your information or money.
  • Research nonprofits before you decide to donate (ftc.gov/charity).
  • Watch out for phishing emails and text messages.

“No matter how the message is carried, it’s important to trust your gut feeling if you have doubts about the communication,” Lavelle said. “Never respond nor click on links contained in the message; if you have any doubts, contact the company or institution directly.”

Methodology

BeenVerified conducted the survey by email from March 14 through April 27, 2020. There were 2,320 respondents from 34 states. For more information or press inquiries, please contact Justin Lavelle (justin@beenverified.com).

About BeenVerified

BeenVerified’s mission is to help people discover, understand and use public data in their everyday lives. BeenVerified and our associated websites curate dozens of public data sources and proprietary data sets to give people easy and affordable access to billions of public records.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.