A plethora of Coronavirus phishing scams has developed alongside the milestones of the past twelve months. In March 2020, we saw Coronavirus phishing scams such as false preventative measures appearing to come from the World Health Organisation, false cases specific to the location and spoofed internal messages from organisations to their employees.
Now, as we enter the critical phase of vaccinating, we are seeing some of the worst scams yet. See some examples of vaccine scams below and read the tips to help prevent you or your loved ones from falling for one of these terrible cyber attacks.
‘You are eligible for the vaccine’ SMS message
Cybercriminals alter their attack vector to give them the greatest chance of success. SMS (or text) messages have been a growing trend for specific cyber attacks over the years and have been utilised in the scam below. SMS phishing, also known as Smishing, is a very effective way to get a victim to click a phishing link.
SMS messages have been used extensively throughout the battle against the virus, particularly in the testing process, so it is no surprise that criminals are using them here to falsely notify you that you are eligible for a vaccine.
Firstly, it is important to keep up to date with the latest facts around how the vaccine is being rolled out across the UK.
Currently, it’s being given to:
- people aged 80 and over
- people who live or work in care homes
- health and social care workers at high risk
Just this week it was announced that vaccinations will begin for over-70s in England.
Tips to not fall victim to this attack
- If you are not in one of these categories and have received a text message similar to the one pictured above, you should treat it as suspicious.
- The NHS will inform you when it is your turn to have the vaccine in the form of a letter, either from your GP or the NHS and not via text message.
- In the attack pictured above, we can see that the sender appears as an unknown number. When you receive text messages from the NHS, the sender will appear as ‘NHS’. In most cases, this is the same with your GP surgery.
- Long pressing and holding the link in this text message would also reveal the URL. In this case, the domain being used is ‘uk-application-form.com’. This is completely generic and bears no relevance to the NHS, indicating that it is suspicious. You should not click links with suspicious URLs like this in text messages. If you are unsure, it is always best to get a second opinion. Screenshot what you have been sent and share it with friends and family. In doing so you can be sure that what you have received is a scam whilst also raising awareness.
Website attack
Clicking the link in this text message will take you to a very convincing, falsified NHS website where the cybercriminals are asking for sensitive personal and payment card information as part of an application for the vaccine. On first glance, this looks exactly like the NHS website. Cybercriminals have matched the look and feel of the current NHS site and have used their logo to make it seem real.
As previously mentioned, the URL in the address bar shows that this does not belong to the NHS.
The vaccine is of course free and the NHS will never ask for bank details.
The site is not using HTTPS despite requesting payment card information. You should never divulge sensitive information such as your credit card number over a site which isn’t using HTTPS. HTTPS is indicated by a padlock in your address bar.
We can also see poor spelling in the phrase ‘confirm owenership of address’. Mistakes like this should not be expected on the official NHS site.
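The checks described above (sender name, link domain, HTTPS and requests for bank or card details) can be written as a small triage script. This is an added example, not part of the original article; the `nhs.uk` allow-list, the reason labels and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_SENDERS = {"NHS"}        # sender name the article says genuine NHS texts show
OFFICIAL_SUFFIXES = ("nhs.uk",)   # assumption: official NHS sites sit under nhs.uk
URL_RE = re.compile(r"https?://\S+", re.I)
PAYMENT_RE = re.compile(r"\b(bank|card|payment|sort code)\b", re.I)


def is_official_host(host):
    """Match on whole DNS labels, so 'nhs.uk.example.com' does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)


def triage_sms(sender, body):
    """Return the indicators from the article that fire for one message.

    An empty list means none of these checks fired, not that the text is genuine.
    """
    reasons = []
    if sender.strip().upper() not in OFFICIAL_SENDERS:
        reasons.append("sender_not_nhs")
    for url in URL_RE.findall(body):
        parts = urlsplit(url.rstrip(".,)"))
        if parts.scheme.lower() != "https":
            reasons.append("link_not_https")
        if not is_official_host(parts.hostname):
            reasons.append("link_domain_not_nhs")
    if PAYMENT_RE.search(body):
        reasons.append("asks_for_payment_details")
    return list(dict.fromkeys(reasons))  # de-duplicate, keep order


# Constructed sample messages; only 'uk-application-form.com' comes from the article.
SAMPLES = [
    ("+447700900123", "NHS: you are eligible to apply for your vaccine. "
                      "Apply here: http://uk-application-form.com/apply"),
    ("NHS", "Confirm your card details at https://nhs.uk.uk-application-form.com/"),
    ("NHS", "Appointment reminder: https://www.nhs.uk/conditions/"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, "->", triage_sms(sender, body) or "no indicators fired")
```

The second sample shows why the domain check compares whole labels at the end of the hostname: a link that merely contains `nhs.uk` still fails.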
The examples above are just some of the many variations of this Coronavirus phishing scam. Phone calls are also being used to trick people into providing sensitive information. Be sure to act cautiously if you receive a notification around the vaccine. It is always best to get a second opinion on anything you deem suspicious.
We also highly advise that you share this information with older relatives, as they seem to be the biggest target of vaccine scams.
Free Coronavirus phishing scams training
As a result of the current Coronavirus pandemic, cybercrime rates have rapidly increased. In March 2020, phishing attacks increased by 667%. To help stop these attacks from being successful, we have created a Coronavirus Phishing Scams Training Course, available for all UK organisations completely free of charge.
The course is up-to-date with the latest Coronavirus phishing scams, including false vaccination notifications.