NHS Vaccination Proof Phishing Campaign Rife in the UK

Cybercriminals have stepped up their efforts to scam Brits according to new research, with one of the most common scams offering fake proof of COVID-19 vaccination. According to Tessian, the phishing scam spoofs the NHS and advises recipients that they are eligible to apply for a “Digital Passport” which can be used as proof that an individual has been vaccinated against COVID-19 or has contracted COVID-19 and has recently recovered.

The phishing emails include the NHS logo and a button for users to click to get their digital passport. According to the messages, which are convincing and well written, the passport consists of a QR code that can be scanned by border staff without having to reveal any personal data.

NHS spoofed in COVID-19 vaccine passport scam

If the user clicks the link, they are directed to a webpage that spoofs the official NHS website and asks for personal data and vaccination information, along with credit card details.

COVID-19 Vaccination Passport Scam Website

The NHS COVID-19 vaccination scam is credible, but there are red flags. First, the NHS would never ask for credit card details to be provided for proof of identity and payment would not be required for proof of vaccination as this is a free service. While the website to which users are directed has the branding and layouts of the site that it spoofs, the domain is not owned or operated by the NHS. However, the messages are sure to fool many individuals. The campaign also stands out in terms of size. 22% of Brits have received the message in the past 6 months, according to Tessian. Tessian also says its research indicates around 35% of Americans had received similar scam messages related to proof of vaccination in the past 6 months.

Scammers have not only been using emails for these scams on Brits, there has been an increase in telephone and text message scams this year. 82% of respondents to a poll conducted on 2,000 individuals by Ofcom, the regulatory and competition authority for the broadcasting, telecommunications, and postal industries in the United Kingdom, said they had received a scam call or suspicious text message in the previous 3 months. If the sample is representative of the UK as a whole, that suggests scams have been attempted on around 45 million Brits over the summer.

71% of respondents said they had received a suspicious text message, with 44% of those individuals saying they had received more than one message a week. Calls are also being made to landlines. These scams are often conducted on the elderly, who are also more likely to use a landline. 61% of respondents aged 75 or older said they had received a potential scam phone call, with 53% saying they received a call more than once a week. Tech support scams, notifications of suspicious (Amazon) charges, and special offers on mobile phones are all common themes in the phone scams, which are often run out of South Asian call centers.

According to the survey, around 2% of individuals said they had followed the instructions provided by the scammers in a message or phone call. If that number is representative of the UK as a whole, that means around 1 million Brits may have fallen victim to one of these scams.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news