Contact-tracer spoofing is already happening – and it's dangerously simple to do

2020-06-02 08:29

British people will soon begin receiving random phone calls from so-called "Contact tracers" warning them about having been in close proximity with potential coronavirus carriers.

They'll call from a published phone number - 0300 013 5000 - and, bizarrely given the context, UK.gov promises its hired call centre won't "Disclose any of your personal or medical information to your contacts".

More to the point: publishing a phone number really doesn't guarantee that the caller is who they claim to be.

SMS and caller line identification information is straightforward to spoof if you know how, and with UK.gov publishing the number its callers will be using, there's now an increased level of risk; for the non-technically-adept, a call coming from a published government number is more likely to be taken at face value.

While methods have evolved in Blighty since 2015, the problem continues to plague the UK. In a statement, RSA Security's Ben Tuckwell agreed, adding some basic security advice: "Consumers can protect themselves by acting smart and pausing to consider each communication they receive, while remembering the three key smishing don'ts - don't respond to texts from unknown or unusual numbers; don't click on any links in text messages; and don't share any banking information, usernames or passwords or other personal details after receiving a text message, unless you can verify who you are speaking with." .

News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/02/contact_tracing_spoofable/