The vaccine for Covid-19 may be rolling out over the next couple of months, but so too is the latest set of phishing scams from fraudsters who are using the vaccine to their advantage. We’ve been looking at one of these scams, a text perpetuating to be from the NHS which is (not at all surprisingly) after your bank details.
Why are scammers using the Covid-19 vaccine?
Phishers and scammers often use an organisation that victims are familiar with to lure people in, as well as a compelling ‘hook’. In this case, the organisation is the NHS which is obviously familiar to those living in the UK. The clever hook here is the vaccine - which is currently being offered to those over the age of 80, those who live or work in care homes, and health workers who are considered high risk.
Those who receive the text who are within these groups are likely to be expecting communication from the NHS, and as such the scam is very convincing. Those who aren’t within these three groups but do want to receive the vaccine may be taken in by this scam too; particularly if it suggests they can get the vaccine earlier than expected. We've heard of phishing emails and scam phone calls doing the same thing.
Due to the pandemic, we’re also now accustomed to receiving correspondence from the NHS through our smartphones. As such, a text pertaining to be from the NHS is likely to be more convincing now than it may have been before Covid-19.
Let’s take a look at the vaccine text scam
The text reads as follows, ‘we have identified that your [sic] are eligible to apply for your vaccine. For more information, and to apply, follow here: [link redacted]’. Clicking the link takes the victim to a webpage that has been made to look like the NHS website. If you progress through the application process, you’re prompted to fill in your name, date of birth, address, and (you guessed it) a payment card.
The site looks incredibly similar to the NHS website, even featuring a ‘Read before applying’ box which encourages victims to read the information on the vaccine before filling in an application. This is particularly unusual for a phishing scam, as it almost encourages you to stop and think about applying before doing so. Obviously, this makes an already convincing scam seem even more legitimate.
The warning signs
Very few phishing scams are watertight and perfectly presented, and this one isn’t an exception. Spelling errors are prevalent through both the text and the website, which is a great indicator you’re looking at a forgery (‘your’ instead of ‘you’ in the original text, the word ‘ownership’ is written as ‘owenership’ in the website itself).
Spelling errors in phishing scams may be due to the phishers writing in something other than their first language, but equally phishers are after victims that don’t take the time to think critically - and if you don’t question a spelling error, you might not question the other aspects of this website that don’t hold up to scrutiny.
The website address is also a red flag; despite the colours, branding and NHS logo, the url is ‘uk-application-form.com’. Evidently, this is not the NHS website, no matter how many sentences they’ve copied. As such, there is no padlock in the web address bar, meaning that the information you send to the website is not secure.
The biggest warning sign from this scam is that they are asking for payment details. According to the NHS, ‘The NHS will NEVER ask you to press a button on your keypad or send a text to confirm you want the vaccine, and NEVER ask for payment or for your bank details.’ If you’re on a website that is requesting these details, or have had a phone call from someone requesting these details, you can be sure that they aren’t the NHS.
What should I do if I receive this text?
If you receive this text, do not follow the link. As stated above, the NHS will not ask you for bank details or payment details. If you think you have fallen victim to this scam or a similar scam, Which? has a guide to help you get your money back.
Tweet us @TranscenditUK
Image from Unsplash