Posted by Guest on July 09, 2019 in Blog

Last time in our series on disinformation and interference in the 2020 census, we discussed disinformation and several varieties of inaccurate information that may appear (or reappear) in 2020. However, as we said in our second post in our series, the Census Bureau is anticipating multiple kinds of interference with the census, including phishing, which can be considered a form of disinformation.

Phishing is when an attacker pretends to be a known entity to trick targets into voluntarily giving up sensitive data. For example, attackers may pose as a credit card company and ask for credit card numbers, verification codes, passwords, or Social Security numbers. Phishing attacks are one of the most widespread forms of cyberattack, and they’re frequently successful – ordinary consumers lost over $50 million to phishing scams in one year. Phishing has also been used for political purposes, such as the 2016 DNC email hack, which originated from a phishing email sent to John Podesta.

Phishing is just the latest variant of long-standing census scams, such as fake Census workers asking for Social Security numbers and fraudulent mailing forms asking for financial information. In 2010, the first online phishing scams posing as legitimate Census surveys appeared, and their numbers will likely only increase now that there is an official Census website to pose as. This is a tactic known as website spoofing, involving the creation of a website with the intention to mislead visitors into believing the website belongs to a certain organization or business.

In addition, like the IRS and other federal agencies, the Census Bureau will never contact US residents by email. Instead, the Bureau will mail paper letters with the correct URL to all addresses it has identified as occupied, followed by paper forms if households do not respond electronically. Any email claiming to be from the Census Bureau is falsified and should be deleted.

While census forms themselves may contain highly personal information, such as income level, home value, and the last four digits of your Social Security number, the Census Bureau has published a list of information that they will never ask for, but which scammers often seek out:

  1. your full Social Security number
  2. money or donations
  3. anything on behalf of a political party
  4. your full bank or credit card account numbers
  5. your mother’s maiden name

In anticipation of phishing, the Census Bureau has taken over 100 URLs that they feared might be used as part of a website spoofing scheme. These are URLS such as 2020census.com or 2020census.org, which closely mimic official .gov Census URLs and would likely be prime targets for scammers or political actors looking to interfere with the census.


Source: https://www2.census.gov/cac/nac/meetings/2018-06/smith-cybersecurity.pdf\


However, while the Census Bureau can mitigate phishing attempts by taking control of URLs, they cannot entirely protect respondents against scams. The best defense against phishing attempts to disrupt the 2020 census is to be familiar with financial scams and online vulnerabilities. While 2020 will see new variations on phishing tailored to the census, they will certainly be based on tried-and-true phishing techniques. The Census Bureau already plans an extensive advertising campaign in partnership with community organizations, and information on scams and the official Census method of directing respondents to the online survey will be invaluable in combatting this particular form of disinformation. Initiatives to help teach people about digital literacy, such as Philadelphia’s Digital Literacy Alliance, will be invaluable, as will resources on recognizing scams.

In the coming year, using existing tools and organizations to learn about the forms common scams can take and how scammers exploit lack of knowledge about online security will be key. There are several resources listed at the end of the article, but Census community partners, particularly local libraries, are vital resources for helping respondents get online and get out the count.

  1. Online Safety Basics: Spam and Phishing
  2. Common Email Scams
  3. Report Phishing and Online Scams
  4. Browse Digital Literacy Resources

All posts in this series are guest authored by Summer 2019 Ph.D. Fellow Emma Drobina. 

Disinformation and the Census Series 

Lies, Damned Lies, and Disinformation

An Introduction to Disinformation, Interference, and the 2020 Census

Misinformation and the Census

comments powered by Disqus