As the coronavirus (“COVID-19”) testing increases across the country, state health departments have been implementing contact tracing to contain viral spread. Contact tracing identifies and monitors individuals who have come into contact with others who have tested positive for COVID-19. Typically, contract tracers work with infected individuals to obtain the contact information for everyone with whom they recently came into contact. Contact tracers often will send an initial text message to let these individuals know that they will be calling. A legitimate contact tracer will never ask for money or personal information, like a Social Security number, bank account number, or credit card number. For a discussion of best practices that makers of contact-tracing apps should consider, see Troutman Sanders’s article here.
Unfortunately, scammers posing as contact tracers have started sending text messages of their own. These fraudulent messages often ask the recipient to click a link, designed to install malware on the device. Malware exposes the user’s personal and financial information to theft.
To combat this fraudulent activity, the Federal Trade Commission recently released tips for individuals to proactively avoid such scams:
- Ignore and delete suspected scam messages;
- Filter and block scam messages – some cellphones have the option to filter and block unknown numbers or spam. However, if a phone does not have such an option, wireless providers or call-blocking apps may allow users to block unwanted messages;
- Use a multi-factor authentication – a multi-factor authentication requires two or more credentials to log in to an account, making it difficult for scammers to gain access;
- Enable auto updates for operating systems and apps; and
- Back up data on devices regularly so that valuable information is not lost from scammer attacks.
By following these tips, technology users effectively protect not only individual data, but company data as well.
Businesses specifically should consider implementing further steps to protect against cyberattacks, such as:
- Sending out frequent reminders to personnel about cybersecurity threats;
- Updating incident response plans in case there is a security breach; and
- Reviewing cybersecurity insurance policies to assess whether a security breach is covered and how to engage a carrier.
For further discussion on security safeguards against cybersecurity attacks, including phishing attacks, see Pepper Hamilton’s article here and Troutman Sanders’s articles here and here.