In case you missed it, Tessian recently published a blog around the most common types of Tax Day scams in both the US and the UK.
Unfortunately, though, these aren’t the only opportunistic phishing attacks bad actors are carrying out this time of the year. They’re also launching Census scams.
As they do in Tax Day scams, cybercriminals will be impersonating government agencies. In this case, you’ll find they’re generally impersonating either the U.S. Census Bureau or an agent, or a third-party agency working for the U.S. Census Bureau.
What do Census scams look like?
Hackers have a range of threat vectors they can use to carry malware or gain access to sensitive information. In the past, we’ve seen attacks via email, phone, social media, job boards, and even traditional mail.
The common thread between all of these attacks is the request for sensitive personal information like home addresses, social security numbers, ethnicity and information related to the members of your household. This information could be used to make you a victim of identity theft.
It’s important to remember that attacks may not ask directly for this information and may instead direct you to another webpage or portal via a link or QR code.
In this post, though, we’ll focus on email scams.
Example: Email Survey Scam
What’s wrong with this email?
- The US Census Bureau conducts surveys online, over the phone, via mail, or in-person, not via email.
- While the Display Name looks authentic, the full email address is suspicious and inconsistent and doesn’t match the legitimate domain, which is @census.gov.
- Upon hovering over the link, you’ll see the URL is suspicious. Not only is the website connection not secure (remember: https indicates a secure connection), but the format and website name are both unusual.
Who will be targeted by Census scams?
Because it’s mandatory for all households to participate in the census, every US resident over 18 years of age is at risk of being targeted. That means that over the next several weeks, everyone in every state needs to exercise caution when responding to a request for personal information that appears to be coming from the U.S. Census Bureau or an affiliated individual or organization.
What do I do if I’m targeted by a phishing attack?
While it’s true that attackers use different tactics and capitalize on different moments in time to trick their targets, individuals should always follow the same guidelines if they think they’ve received a fraudulent request for information, whether by mail, email, SMS, or another online forum.
- If anything seems unusual, do not follow or click links or download attachments.
- The best way to avoid falling victim to one of these scams – whether over email, online, or over the phone – is to simply not provide any personal information until you verify with 100% certainty that you’re communicating with a genuine agency, organization, or agent. Visit the organization’s website via Google or your preferred search engine, find a support number, and ask them to confirm the request for information is valid.
- If you’ve been targeted, report the attack to the Census Bureau. Call 1-800-354-7271, in English, or 1-800-833-5625, in Spanish.
The best way to stay safe is to stay informed.
The Census Bureau has issued its own advice on how to stay safe from phishing scams online and over the phone. Read their tips here.