A phishing email suggesting that people can order a PCR test specific to the new Omicron COVID-19 variant has been found doing the rounds in the UK. It purports to be from the NHS and directs unsuspecting victims to a website that asks for their full name, DOB, home address, mobile number and email. It also asks for a small payment of £1.24 to cover the delivery and test result costs.
Alarmingly, it also asks for the user’s mother’s name, a detail banks often use in security questions and which can therefore be used to bypass them.
“Phishing attacks and other scams often exploit emotions to get people to react quickly and without thinking things through. This new COVID-19 variant has some significant emotional weight for people who are tired of lockdowns and the continuing impact of the pandemic, making it a powerful tool to get people to click,” said Erich Kron, security awareness advocate at KnowBe4.com. “Over the last two years, people have become emotionally exhausted and easily frustrated by the potential restrictions related to the possibility of future lockdowns or restrictions, and by vaccine-related news. This makes it a prime topic to use in phishing and social engineering attacks.
“By using the NHS brand and making the emails appear very legitimate, the attackers make it look like it is coming from a legitimate and well-known organization, making people even more likely to click on the included link,” he concluded.
KnowBe4 also offered this advice in a blog on the subject: If you think you might have entered your details on a fraudulent site, contact your bank immediately and cancel your compromised card/accounts. Monitor your bank accounts closely and review the transactions for any signs of unauthorized payments. If you receive an email that looks suspicious, report it at “[email protected]”. To report smishing texts, forward them to 7726.