The phishing scam that is underway is one pretending to be from the UK’s National Health Service (NHS). the message ‘alerts’ recipients that they are eligible to receive the COVID-19 vaccine. This is despite the U.K. government having established a set priority list for those eligible for the first wave of vaccines.
Twitter users began reporting that they received this phishing email. The issue was compounded by some of the recipients being in the right age group to be eligible and potentially falling for the scam. The phishing email asks the recipient if they want to accept or decline the invitation to schedule their COVID-19 vaccination. The recipient is then taken to a fake NHS site stating that they were chosen for the vaccination based on their medical history and, remarkably, genetics.
If the individual still goes along with the scam, they are then pushed through a series of pages asking for information including the person’s name, mother’s maiden name, address, mobile number, credit card information, and banking information
Looking into this activity for Digital Journal is Andrew Hollister, Senior Director at LogRhythm Labs and Security Advisor to the CSO.
Hollister begins by seeing the scam as one that builds upon earlier actions by criminal entities: “As we have witnessed throughout 2020 and into 2021, threat actors continue to exploit unsuspecting individuals by leveraging themes related to COVID-19. In this latest variation they are targeting people who are simply looking to receive the COVID-19 vaccine and return to some semblance of normalcy. These bad actors are preying on people’s hope, and unfortunately phishing scams are an easy way for them to gain access to the sensitive information they want.”
In terms of how people should resist these malicious criminals, Hollister recommends that people “must remain vigilant and carefully screen communications about vaccine offerings that they receive through email, text and over the phone. Check with local health departments for accurate information on authorized vaccine distribution and only share personal health information with trusted medical professionals. This is a real risk that we will continue to see across the globe as vaccine distribution continues.”