We are dedicated to ensuring the safety and security of our study portal and your data used in our study. Criminals are constantly seeking new ways to steal your personal information, such as passwords or credit card numbers, by pretending to be someone you should trust. Scammers can use sophisticated approaches and can be sneaky and hard to detect. Some scammers can be remarkably persuasive. Here we review some common tactics that scammers use to try to steal your information, describe what you can do to protect yourself, and what we do to help protect you in our study.
- Be Careful with Emails and Messages
Scams often come in the form of emails or text messages that look like they are from someone you trust, like your bank, a friend, or may even pretend to be related to a research study you are participating in. Always check who the email or text is from. If it seems strange or unexpected, don’t click on any links or open any attachments. For example, if you get an email or text saying you won a prize for participating in a study but didn’t know about any contest, it might be a scam.
- Be Careful with Phone Calls from Numbers You Do Not Recognize
Often, scammers attempt to reach you by phone, from numbers that “look” legitimate, but aren’t. For example, they may use a number from an area code you are familiar with, but the number does not match a number you have called. The best action is to let the call go to voicemail. Don’t call back if it is an automated message requesting a call back. If they name a company or person you know, it is best to find a legitimate number directly from the institution or the person to avoid falling into a trap. As part of our research study, we will never call you without your explicit permission or request (e.g., if you send us an email or if you call us and leave a message). We do not use any automated systems when making phone calls.
- Look for Clues
Phishing emails, texts, and calls often have some clues that they are fake. Look for spelling mistakes, weird language, or unexpected accents. Real companies and research teams usually don’t make these mistakes. Also, check the email address or phone number. It might be a scam if anything looks strange or doesn’t match the official contact information you were given. Do not click or respond. Just delete the message or hang up.
- Do Not Share Personal Information
Never give out your personal information, such as your password, Social Security number, bank account number, or credit card number, in response to an email, voicemail, or message. Never confirm any information about yourself if directly requested to validate who you are, e.g., if they ask to confirm your name, address, or if you own / rent – just ignore them. Real research teams will never ask for this information over email or phone. For example, if an email asks you to confirm your Social Security number to receive a research reward, it’s likely a scam.
- Use Strong Passwords
Create strong passwords that are hard to guess. Use a mix of letters, numbers, and symbols. Don’t use the same password for all your accounts. This way, even if one account is hacked, the others will still be safe. This is why our study requires complex passwords. We highly recommend utilizing password managers (e.g., 1Password) and passkeys, where available.
- Enable Two-Factor Authentication
Two-factor authentication is like having a second lock on your door. Even if someone knows your password, they still need another piece of information to get into your account, like a code sent to your phone. This makes it much harder for scammers to access your accounts. In our study platform, we always require a code to be entered. You can further enhance your account by also adding an additional factor, e.g., to receive a phone call or text. When available, using biometrics such as Touch ID or Face ID can further enhance your security posture.
- Keep Software Updated
Make sure your computer and phone software are up to date. Updates often include security fixes that help protect you from phishing scams and other threats. This includes updating your phone or computer’s operating system and browsers.
- Be Skeptical of Urgent Requests
Phishing scams often try to make you act quickly by saying something urgent, like “Your account will be closed!” or “You need to call us immediately!” Take a moment to think before you act. Remember, legitimate research teams will not call you unexpectedly asking for personal information. Contact the research team directly using a phone number or website you know is real, not the one in the email. Check out the study website directly.
By following these tips, you can protect yourself from phishing scams and keep your information safe, even when you are participating in research studies. Remember, it’s always better to be cautious and double-check anything that seems suspicious.
How we protect participants in our study:
- Informed Consent: Before any data is collected, participants must read and sign an informed consent form. This document explains the study’s purpose, how the data will be used, and how the participants’ privacy will be protected.
- Data De-Identification: Before working with your data or sharing it with collaborators, we remove any personally identifiable information (PII), a process known as de-identification. For example, names are replaced by randomly generated IDs, and addresses and emails are removed. That reduces the vulnerability of our study data, since the genetic, survey, and other health data cannot be connected back to you. Data about you is always encrypted.
- Secure Data Storage: We store the study data in encrypted databases with restricted access. This means only a limited number of authorized personnel can access the data.
- Restricted 3rd-party systems: When we use IT tools provided by companies, we require them to adhere to stringent information security and application security standards, such as HITRUST v9.3+, SOC-2, and ISO-27001. The research team directly controls these tools. Data is always encrypted in transit and at rest. If a research participant withdraws and decides to delete their data from the system, all 3rd party system data is subsequently removed.
- Ethical Guidelines and Oversight: Our research studies are overseen by the Rutgers University Institutional Review Board (IRB). This body ensures that the study complies with ethical guidelines and that participants’ rights and privacy are protected.
- Regular Audits and Compliance Checks: The research study platform undergoes regular audits and compliance checks to ensure that data protection measures are up to date and effective.
If you are ever unsure about the legitimacy of a communication related to our research studies, please contact us.
For more information about email and online scams:
https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
https://www.cisa.gov/secure-our-world/recognize-and-report-phishing