-By Angelica Wedell-
It circulated all over the Internet; an article claiming that “a National Research Center” is paying people $3,000 to use marijuana for a medical study. The article even went so far as to name-drop legitimate organizations (including NRC) in attempts to make these claims seem credible.
NRC was confused when inquiries began to come through our communication lines, so we decided to look into it. As the state of Colorado has legalized marijuana (medicinal and recreational), perhaps there could be something real about such a study. So we directly contacted the other organization mentioned in the “money for marijuana” article, the National Institute on Drug Abuse (NIDA). The representative at NIDA confirmed that the study, claiming to pay participants money to use marijuana, is a fake, hatched on the Internet.
We reached out to cyber security expert James Carder, Vice President of LogRhythm Labs and CISO of LogRhythm, a security intelligence company, to find out more about these types of scams. “It happens all the time,” Carder said. As it turns out, hijacking real companies’ names to appear legitimate is a common scam tactic. To gain their victims’ trust, scammers will reference genuine businesses. They then move to trick their victims into revealing their personally identifying information (Identity Theft), sending money, sharing account information or clicking on email links leading to viruses that target sensitive information (Phishing Scams). These scams may aim to attack a certain company, or they may be designed to steal money and information from individuals. “In the case of phishing campaigns, scammers tend to use either a variation of the [target] company’s name itself or they will impersonate another reputable company,” Carder explained. “Outside of phishing, the scammers can lure you to a fake website that’s intentionally made to look like it’s owned by a company you recognize.”
“Often scammers will use a website [or email address] that’s similar but not exact,” wrote the Better Business Bureau (BBB) in the Scam Stopper section of their website.
What Can Companies Do?
Scams like this are widespread, but there are ways companies can react when their good name is used for nefarious purposes. Carder recommends purchasing services that look for scammers using domain names that look suspiciously close to yours. “Often times they can prevent the registration from taking place or at least alert you so that you can take appropriate action,” Carder said. Instances of fraud can also be reported to the domain registrar. “If you call them, just mention the word ‘fraud’ and you can usually get scam sites taken down.”
“[If they spot a fraudulent website or email] I’d highly recommend that [employees] call their company’s information security group and report it. Let them take the necessary action to investigate. Most people don’t realize that this step alone could save your organization from a potential disaster in the making,” Carder said.
LogRhythm professional services engineer, Nathan Riley, said that companies can also take extra measures to help protect their clients. Organizations can alert customers to scams that they have spotted, and let people know what is fake and what is real. “Companies should have systematic practices to protect themselves and their clients against security breaches,” said Riley. “Train your entire staff how to be secure online.” For more information on cyber security for businesses, visit LogRhythm.com.
What Can Customers Do?
Those people who contacted NRC directly to find out if the “money for marijuana” study was real, did the right thing. The Better Business Bureau recommends that whenever in doubt, customers should look up the real company website or contact company representatives directly to learn the truth. Carder encourages individuals to be leery of suspicious emails. “If you don’t know the person, then delete it. If you know the person, then call them up and ask them if they really sent you the email.” Carder added that a number of websites (like Virus Total) can be used to check if a suspicious web article has been reported elsewhere as a fraud site.
So Who is National Research Center Anyway?
National Research Center, Inc. (NRC) is a research and evaluation firm specializing in survey data collection and analysis. We work with local governments, non-profit organizations and more. NRC empowers communities by providing them with the information needed to take the best possible actions. Our innovative survey products are used to benchmark best practices, enhance performance, improve public opinion, increase revenue and plan for a better future. We also provide an email newsletter periodical, The Civil Review, which features our top stories regarding leadership, research and government.
National Research Center, Inc. does not transact payments through our website: n-r-c.com. Nor will we ever contact you to ask for personally sensitive information like social security numbers. When conducting surveys, we keep individual survey responses in strict confidence and results are only reported in the aggregate. To ensure that results are statistically representative of the entire community, surveys are sent to randomly selected households. We do not collect personally identifying information in our surveys, and individual data is never shared with other parties.
We are not conducting a study which pays participants money to use marijuana.