DOJ Warns of COVID-19 Contact Tracing Scams

The Department of Justice published a warning yesterday alerting the public of contact tracing scams. Issued jointly with the Department of Health and Human Services and the Federal Trade Commission, the press release details how scams appear, how they operate, and what information is at risk, including bank account information and Social Security and credit card numbers.

Contact tracing systems require individuals to send their personal information to state health departments so infected people can be identified. The Department’s recent warning clarifies that health departments “will not text individuals asking them to call a telephone number or to click a link.” Scammers often send emails and text messages containing fake links that often persuade targets to provide sensitive information. While state health departments frequently communicate via text message or email with individuals who have been infected with the disease, they do not send links. 

“Clicking on a link in the text message or email will download malware onto your device, giving scammers access to your personal and financial information. Ignore and delete these scam messages,” writes the Department. “Remember, real contact tracers will never ask for a Social Security number, bank account number, or credit card number, and will never ask for payment.”

Deputy Attorney General Jeffrey A. Rosen explained that the contact tracing scams remain a threat as the country gradually reopens from COVID-19. “As cities and states start to reopen for business and implement contact tracing measures in their reopening plans, the Department of Justice remains committed to preventing, prosecuting, and punishing rogue actors who seek to exploit these safety efforts and who attempt to steal money and sensitive information from citizens,” he said.

Tech companies have begun the development of contact tracing apps to fight the pandemic. Congress has introduced legislation to fight privacy concerns. Apple and Google have also enacted internal policies to protect privacy.