A very active phishing campaign is underway pretending to be from the National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine.
On 25th January, numerous Twitter users began reporting that they received this phishing email, with some being in the right age group to be eligible and thus falling for the scam.
There are multiple variants of the phishing emails, but they all claim to be from the NHS at [email protected] (the real NHS domain is nhs.uk) and use a mail subject similar to “IMPORTANT – Public Health Message| Decide whether if you want to be vaccinated.”
The phishing email, shown below, asks the recipient if they want to accept or decline the invitation to schedule their COVID-19 vaccination.
Regardless of the button selected, the recipient will be brought to a fake NHS site stating that they were chosen for the vaccination based on their medical history and genetics.
“The NHS is performing selections for coronavirus vaccination on the basis of family genetics and medical history. You have been selected to receive a coronavirus vaccination,” the phishing landing page reads.
The recipient will again be asked to accept or reject the invitation, but regardless of the button clicked, they are pushed through a series of pages asking for personal information. This information includes the person’s name, mother’s maiden name, address, mobile number, credit card information, and banking information.
Once this information is submitted, the phishing page will state that the application is confirmed and that the NHS will contact the person to schedule the appointment.
After a few seconds, the page will redirect the browser to the real NHS site at https://www.nhs.uk/.
NHS will never require this info for a vaccine
To help people spot NHS COVID-19 phishing scams, the NHS tweeted today that the vaccine is free of charge and that they will never ask for bank account info or copies of personal identification documents.
The NHS has created a webpage explaining how people will be contacted to receive the COVID-19 vaccination and how to spot a scam.
It is also important to remember that the genuine NHS website is at www.nhs.uk; it does not follow the nhs.gov.uk or nhs.org.uk pattern that other UK government websites might lead you to expect.
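The domain rule above is easy to misapply by eye, so here is a small triage helper, added for this write-up rather than taken from BleepingComputer or the NHS, that labels a sender address or link as genuine only when its real host is nhs.uk or a subdomain of it. It assumes nhs.uk is the only legitimate NHS domain (as the article states) and uses constructed sample inputs, including two common URL tricks (a userinfo prefix and a "nhs.uk" prefix on an unrelated domain) that a plain substring check would get wrong.

```python
from urllib.parse import urlparse

# Assumption (from the article): the genuine NHS website lives under nhs.uk, so a host
# counts as genuine only if it is nhs.uk itself or a subdomain of it. Everything else
# that mentions "nhs" is treated as a lookalike worth flagging.
LEGITIMATE_NHS_DOMAIN = "nhs.uk"


def extract_host(value: str) -> str:
    """Return the lowercase host of a URL, bare domain, or email address.

    Email addresses yield the part after the last '@'. URLs are parsed so that
    userinfo tricks such as https://www.nhs.uk@evil.example/ resolve to the real host.
    """
    value = value.strip().lower()
    if "@" in value and "://" not in value and "/" not in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "http://" + value
    host = urlparse(value).hostname or ""
    return host.rstrip(".")


def is_genuine_nhs(value: str) -> bool:
    """True only when the host is nhs.uk or ends in '.nhs.uk' (not 'nhs.uk.evil.example')."""
    host = extract_host(value)
    return host == LEGITIMATE_NHS_DOMAIN or host.endswith("." + LEGITIMATE_NHS_DOMAIN)


def classify(value: str) -> str:
    """Label a sender address or link as genuine, nhs-lookalike, or unrelated."""
    if is_genuine_nhs(value):
        return "genuine"
    if "nhs" in value.lower():
        return "nhs-lookalike"
    return "unrelated"


# Constructed sample inputs (not taken from the campaign) mixing the real domain with
# the lookalike patterns the article warns about and two common URL tricks.
SAMPLES = [
    "https://www.nhs.uk/",
    "noreply@nhs.uk",
    "https://nhs.gov.uk/vaccine",
    "https://nhs.org.uk/apply",
    "vaccine@nhs.org.uk",
    "https://www.nhs.uk.example.net/",
    "https://www.nhs.uk@example.net/",
    "https://example.net/login",
]


def triage(samples=SAMPLES) -> dict:
    """Map each sample to its label; a quick check of a mail's sender and links."""
    return {s: classify(s) for s in samples}


if __name__ == "__main__":
    for sample, label in triage().items():
        print(f"{label:14} {sample}")
```

The check deliberately anchors on the parsed hostname rather than on whether the string contains "nhs", which is why the userinfo and prefixed-domain samples are flagged as lookalikes instead of passing.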
If you mistakenly submitted your information as part of this phishing scam, you should assume that your information will be used by the threat actors for identity theft or other malicious purposes.
To be safe, the UK Information Commissioner’s Office (ICO) recommends that people perform the following steps:
- Report all lost or stolen documents, such as passports, driving licences, credit cards and cheque books to the organisation that issued them.
- Inform your bank, building society and credit card company of any unusual transactions on your statement.
- Request a copy of your credit file to check for any suspicious credit applications.
- Report the theft of personal documents and suspicious credit applications to the police and ask for a crime reference number.
- Contact CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you have registered you should be aware that CIFAS members will carry out extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.
CIFAS – The UK’s Fraud Prevention Service
6th Floor
Lynton House
7 – 12 Tavistock Square
London
WC1H 9LT
BleepingComputer, the authors of this report, also suggest that victims be on the lookout for targeted phishing scams that utilize this information to try and gain access to your online accounts or other information.
Source: Bleeping Computer