Got a health survey call from BRFSS?

TL;DR: Noping out of a probably-not-a-scam scientific study that should benefit everyone, with the ongoing realization that I can’t currently trust the fucking CDC not to do me or my family harm instead of good in the current administration. Takeaways:

• BRFSS needs to get with the times and provide a robust way to prove “this isn’t a scam” before asking for highly personal information.
• Can you trust the current government not to misuse it? Probing questions about gender identity, substance abuse, abortion, nationality and citizenship-adjacent metrics… what could possibly go wrong?

I try not to get into overtly political topics here, but there’s no dancing around the devastation currently being wreaked in the Oval Office for this one.

So, just before the holidays I got a call from an unrecognized number in a local area code, 857-336-8906 (Unrecognized numbers = 99.9% spam robocalls, straight-to-voicemail with ya). But unlike 99.9% of spam robocalls, it actually left a voicemail, about an unsolicited health survey. Scam, right?

A few days later I get a call from the same nearby area code, but this time I’m expecting a legitimate call from there, and pick it up. It’s the same health survey, that after a bit of explanation, purports to be from the (correct) state’s Department of Health as part of the CDC’s Behavioral Risk Factor Surveillance System (BRFSS). Apart from the unfortunate naming on two counts¹, BRFSS is/was a legitimate, and important, CDC-run research initiative covering a range of topics including behavioral and mental health, lifestyle, eating habits, substance abuse, and health equity. Again, good stuff. Right?

With the potential-scam bells ringing in my head, morbid curiosity and the naïve hope that I’m hearing proof that science still lives somewhere behind the blood-stained showercurtain of our current government won out, and I kept talking for a bit to see where this went.

While listening to the initial spiel, searching up the number and details reveals some scam warnings of calls from spoofed CDC/HHS numbers asking for the usual identity-theft data, alongside with others (Reddit users) asserting the legitimacy and importance of BRFSS surveys. (Searching this number no longer turns up those results, only two weeks later. Thanks, Google.)

How The Call Went

The survey began with a brief spiel which more-or-less followed this published script from a prior year with some minor variations. This one was conducted on behalf of the MA Department of Public Health (Health Survey Program), mentioning a (University?) partnership that was too fast to catch, and quaintly rattling off the number shown on the Caller ID as proof this is a legitimate survey since “it could be checked on the website” (or something to that effect). Again according to script, the surveyor mentioned that this is an anonymous survey, that your phone number was “chosen randomly” and responses will not be used to identify you.

(It should go without saying that the scripts are public knowledge, Caller ID is trivial to fake and that name-number databases are the absolute tip of the data broker iceberg. However, after confirming some basic public information, the questions turned out to be so oddly-specific and banal that I concluded it was indeed a real BRFSS survey – a scammer would not risk their bounce rate on so many questions about e.g. your “awareness of hypertension” before going for the PII jugular.)

I won’t give a blow-by-blow, but the questions indeed closely followed the prior-year script – how this works is the survey is administered by individual US states and is composed of a standardized core questionnaire—where some questions are asked every year and others are asked every other year—and optional modules that can be chosen by states and include state-specific questions and emerging needs. Two notable portions, though:

• The survey did indeed go on and on. Having picked up the call while at work, at one point I asked, “Sorry, how much longer is this?”, and the surveyor mentioned the modules, and that as long as you keep answering it will just keep “adding on modules” – another tell that this was probably not a ruse to get my social security number after all.
• There’s a script, and the surveyor followed it to the letter, moreso than an AI-generated voice trying not to sound like a robocall might. For example, answering ‘Yeah’ to a question would be responded with an “I need a yes or a no”, or numerically ranged questions required you to respond with the exact range option, e.g. “How many alcohol drinks do you have in a week?” “Hmm, 2 or 3 maybe?” “I need you to select one of ‘zero’, ‘between one and three’, …”²

Anyway, where this survey ended for me was when they started asking about my kids. Still with the spidey-senses tingling, I responded, “I’m not comfortable answering questions about my kids.” Again with a script to follow, the surveyor just plainly ignored this and proceeded with the first question, concerning the gender of one of my kids by name. Given that the official CDC website has the following message front-and-center, it dawned on me all the ways this “anonymous” information could trivially be abused by the current administration, which has repeatedly demonstrated its willingness to do just that.

Sorry, science. Maybe in another few years.

Unsolicited bonus advice to BRFSS: This sounds like a scam!

Seriously, an out-of-the-blue unpaid survey, during work hours, that is expected to run on for 30+ minutes is already a pretty tall ask, even for people above the poverty line. Notwithstanding my attempts above to convince myself I didn’t just give a bunch of personal details to an identity thief or data brokerage in disguise ready to make a mint (and my life miserable) selling it to my health insurance provider, it’s 2025 FFS, scam calls are the norm and this call tickles pretty much every “don’t engage” alarm bell one could ring. The idea of using the outgoing number / Caller ID as evidence of legitimacy is laughable.

Seriously, BRFSS needs to up its “prove this isn’t a scam” game to avoid selection bias toward clueless grannies and naïvely optimistic science nerds. I’m not a professional by any stretch, but off the top of my head, how about a unique code that you can type into an official government website along with the last 4 digits of the called number, and it shows the rest of the number?

1. Besides a government “Behavioral…Surveillance System” sounding like the setup for 87% of dystopian thrillers, who picks a name for their health study that acronyms to “throws up”? ↩︎
2. This is the moment I remembered likely-apocryphal stories of scam calls getting a recording of you saying the word “yes” in order to fake your consent to something else, and definitely non-apocryphal stories of calls gathering enough unique voice samples to deepfake your voice in a scam call to a coworker or relative. ↩︎