Wednesday, 3 June 2020

COVID contact-tracer spoofing is already happening. Watch out for scam artists!


British people will soon begin receiving random phone calls from so-called "contact tracers" warning them about having been in close proximity with potential coronavirus carriers. One of many problems with this scheme is it's dangerously easy to pose as a government contact tracer.

As detailed by the NHS, contact tracers will phone up and text people who report coronavirus symptoms to the government and demand lots of personally identifiable information – including information on other people.

What safeguards are in place? Er, not many. They'll call from a published phone number – 0300 013 5000 – and, bizarrely given the context, UK.gov promises its hired call centre won't "disclose any of your personal or medical information to your contacts".

Such a scheme bears all the hallmarks of cold-calling scammers, and indeed has already been used for that exact purpose. More to the point: publishing a phone number really doesn't guarantee that the caller is who they claim to be.

SMS and caller line identification (CLI) information is straightforward to spoof if you know how, and with UK.gov publishing the number its callers will be using, there's now an increased level of risk; for the non-technically-adept, a call coming from a published government number is more likely to be taken at face value.


No comments:

Post a comment