Is That Email from the U.S. Census Bureau or a Cyber-Thief?
Last updated August 28, 2020
Conducting the once-a-decade census during the COVID-19 pandemic has created enormous challenges for the federal government. With just about a month to go (data collection is set to end September 30), the national response rate is about 80 percent (as of August 27), according to the U.S. Census Bureau.
To encourage people to fill out their census forms, the bureau is emailing more than 20 million households in low-response areas. The email campaign, which started at the end of July, encourages recipients to fill out the form online.
“Your community’s future will be shaped by your census response,” the message says. “The time is now—don’t risk losing these critical benefits and don’t wait to be counted! Respond today at 2020census.gov.” (The hyperlink takes you to the Census Bureau’s website.)
Wait a minute: An email from a government agency encouraging you to click on a link, go to a website, and provide personal information? That violates two of the cardinal rules of digital safety:
- Don’t click on links, open attachments, or authenticate yourself when you haven’t initiated the interaction.
- The federal government does not make first contact via email.
Checkbook shared the Census Bureau’s news release announcing the email campaign with some of the country’s top digital security experts. They all agreed: This is a bad idea that creates an opportunity for cyber-criminals.
“While the 2020 Census is crucial to the proper functioning of our democracy, so is common-sense cyber hygiene,” said Adam Levin, founder of CyberScout, a data security firm, and author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves. “Asking people to click on a link to get a form that they then have to fill out with personal information is at best reckless, and in the worst-case scenario, could expose people to identity theft as well as spyware, ransomware, and other malicious software.”
Pam Dixon, executive director of the World Privacy Forum and an internationally recognized expert on data privacy, called the government’s decision “problematic.”
“To think that fraudsters are not going to take advantage of what the Census Bureau is doing is extraordinarily naïve,” Dixon told Checkbook. “If the fraudsters find out about this, as I suspect they will, they will create sophisticated spoofs and will try their hardest to fool people into clicking malicious links in their look-alike emails.”
On its website, the Census Bureau explains how to verify that an email is legitimate. “The email messages will come from [email protected],” it says.
Looking at the sender’s email address is something we should always do, but it’s not good enough, Dixon said. The fraudsters have gotten so good that it’s “very difficult,” even for digitally savvy people, “to know when an email is a fraud and when it’s not.”
Checkbook contacted a former fraudster about this. Brett Johnson, who was on the Secret Service’s 10 Most Wanted List in 2006, is now a respected internet security consultant.
“Once again, the U.S. government illustrates they have little understanding of proper cyber security. Let the fraud begin,” Johnson said. “Sending out emails like this with links to click does nothing but boost the success rate of criminals worldwide. It’s madness.”
The Census Bureau Responds
Checkbook contacted the Census Bureau to find out about the potential fraud risk these emails might create. We received this statement:
“The safety and security of everyone’s personal information is of the utmost importance at the U.S. Census Bureau. Census Bureau employees are sworn for life to protect everyone’s personal information. We have also taken numerous measures to inform the public, if they receive an email from the U.S. Census Bureau, how they can tell it is legitimately from us. We have also taken every step to inform the public that the Census Bureau does not ask for personal information like, your full Social Security number, your bank account or credit card numbers, and money or donations.”
What to Do If You Get an Email from the Census Bureau
The census is important. It will determine congressional representation, help guide hundreds of billions in federal funding, and provide data that will impact communities for the next decade.
We all need to be counted, but we need to do it the right way.
“It’s always best to go to the source,” said Eva Velasquez, president and CEO of the non-profit Identity Theft Resource Center. “If you have already filled out the census, then you do not need to respond or engage with that email. If you haven’t done it, simply go directly to the census website at 2020census.gov.”
You can also complete the form with help from a census questionnaire assistance representative by calling 844-330-2020.
There are 12 questions on the 2020 Census form. They deal with housing (type and number of people in the household), phone number, date of birth, sex, race, and ethnic origin.
Contributing editor Herb Weisbaum (“The ConsumerMan”) is an Emmy award-winning broadcaster and one of America's top consumer experts. He is also the consumer reporter for KOMO radio in Seattle. You can also find him on Facebook, Twitter, and at ConsumerMan.com.