As we get closer to a vaccine, research participant scams are on the rise. Chief Strategist Matt Barnett spoke to NBC10 Responds about the tactics these fraudsters are using to solicit "research study candidates" and how to avoid becoming a victim.
Vaccines are Trending
November has certainly had the world in a tizzy with the US election, the surge in COVID-19 cases, and now the buzz about viable vaccine candidates (all that and we're only halfway through the month). Popular topics in mainstream media become popular topics for scams and spam for the same reason—they drive clicks. In the world of fraud it's a numbers game: more clicks equals more chances to solicit victims, so the trending scams mirror the trending news.
SMiShing is Trending
Last month we published a blog post about attackers using text messages to trick victims into clicking malicious links from their phones. That article cited package delivery problems as a pretext (cybersecurity jargon for backstory) for the campaigns. You can check out that story to see the reasons why text message scams are so effective, but for now it should suffice to say that they are highly effective.
Never to miss an opportunity, fraudsters are now using vaccine candidates and clinical research studies as pretexts for their campaigns.
Putting it All Together
So what does a Clinical Research SMiShing campaign look like, and how can you identify one? There are a few identifiers we can look out for, but always keep in mind what your parents told you: "If it sounds too good to be true, it probably is." (Thanks for that one and many others, Mom.)
According to Sam Hume, VP of Data Science at CDISC, "Trials are intentionally not big money makers." Sam notes that it is generally considered unethical for clinical researchers to offer much more than reasonable, research-related expenses as payment for participation. If you are interested in participating, Sam offers the following legitimate resources:
- A pseudo 1-800 number area code (e.g., 850)
- Most drug studies offer less than $300 per visit, and you have to be qualified; $1200 may be reasonable, but expect a multi-year participation commitment
- Beware of vague domains and those not affiliated with legitimate pharmaceutical companies
- 'stop2stop', really? Most scammers miss getting the details right; look for spelling errors and sloppy extras in the message
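The identifiers in the list above, turned into a simple triage check for a received text message. This is an added example, not code from SEVN-X or the NBC10 interview; reading "pseudo 1800" as "starts with 8 but is not a real toll-free prefix", the `sponsor.example` allow-list, and both sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Real North American toll-free prefixes; other 8xx codes only look toll-free.
TOLL_FREE = {"800", "833", "844", "855", "866", "877", "888"}
PER_VISIT_CEILING = 300  # article: most drug studies offer less than $300 per visit
# Assumption: a locally maintained allow-list of sponsor domains (placeholder value).
KNOWN_SPONSOR_DOMAINS = {"sponsor.example"}

def area_code(sender):
    """Extract the 3-digit area code from a US-style sender number, else None."""
    digits = re.sub(r"\D", "", sender)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits[:3] if len(digits) == 10 else None

def smishing_flags(sender, body):
    """Return the article's identifiers that this message trips (empty list = none)."""
    flags = []
    code = area_code(sender)
    if code and code.startswith("8") and code not in TOLL_FREE:
        flags.append("pseudo-toll-free area code " + code)
    amounts = [int(a.replace(",", "")) for a in re.findall(r"\$\s?(\d[\d,]*)", body)]
    if any(a > PER_VISIT_CEILING for a in amounts):
        # A prompt for scrutiny: larger sums imply a multi-year commitment.
        flags.append("payout above $%d" % PER_VISIT_CEILING)
    for url in re.findall(r"https?://\S+", body):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if not any(host == d or host.endswith("." + d) for d in KNOWN_SPONSOR_DOMAINS):
            flags.append("unaffiliated domain " + host)
    if re.search(r"\b\w*2\s?stop\b", body, re.IGNORECASE):
        flags.append("sloppy opt-out wording")
    return flags

# Constructed sample messages (not taken from the article or any real campaign).
SCAM = ("+1 (850) 555-0100",
        "COVID19 vaccine study volunteers needed, earn $1200! "
        "Apply: http://study-signup.example/apply stop2stop")
LEGIT = ("+1 (800) 555-0100",
         "Reminder: your study visit is Tuesday. Compensation is $75 per visit. "
         "Details: https://trials.sponsor.example/visit Reply STOP to opt out.")

if __name__ == "__main__":
    for sender, body in (SCAM, LEGIT):
        print(sender, "->", smishing_flags(sender, body) or "no indicators")
```

No single flag proves fraud; several flags on one message are a reason to verify the study through the sponsor directly before tapping any link.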
You can watch the interview on NBC10's website by clicking here.
As a reminder, SEVN-X is committed to consumer safety. If you are concerned about the legitimacy of a message you receive, you can email us at firstname.lastname@example.org and an experienced cybersecurity expert can help you determine if a message is fraudulent.
About the Author
Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.