Scammers are hoping to cash in on any confusion around the end of pandemic restrictions – watch out for these fake emails and texts.
Vaccine passes are completely free. You can download a digital version using the NHS app, or ask for a physical copy to be posted to you.
But fraudsters have been sending out fake NHS branded emails, falsely inviting people to apply – and pay – for a pass. We’ve also seen fake text messages along the same lines. These texts can be especially convincing as the NHS does contact patients using text messages.
Examples of fake NHS COVID Pass messages
Here’s one of the phishing emails we’ve seen:
And here’s a text message that links to a copycat NHS site that aims to steal victims’ personal and banking details:
⚠ SCAM ALERT | Watch out for this NHS COVID vaccine passport scam that's been doing the rounds.
It looks like it's linking to a genuine URL, but in reality, it's a slick phishing website designed to steal your personal and financial details. pic.twitter.com/WG2pcmRJf9
— Which? (@WhichUK) July 6, 2021
We know that scammers used similar tactics when the vaccine became available. The NHS Counter Fraud Authority (NHSCFA), which works to fight and prevent fraud affecting the NHS, told us:
Criminals are using the COVID-19 vaccines as a way to target the public by tricking them to hand
over cash or financial details. They are sending convincing-looking text messages letting people
know they are eligible for the vaccine or phoning people directly pretending to be from the NHS, or
The NHSCFA have put together guidance and advice to help anyone who may be a
target of these kinds of scams – COVID-19 vaccine fraud (cfa.nhs.uk)
NHS COVID passes are free of charge and can be obtained through the NHS website and app.
Instructions on how to get one are detailed here.
If you believe you are the victim of a fraud relating to the COVID-19 vaccine, please do not report
this to the NHSCFA. Please report it to Action Fraud, forward any suspicious emails to
firstname.lastname@example.org, and forward suspicious texts to 7726.
How to deal with NHS-related phishing
The best way to avoid text message scams is to never follow the links in texts that claim to be from organisations or companies.
If you get a text purporting to be from the NHS that you’re not sure about, check the details with your GP surgery or NHS service.
Fake texts (smishing) can be forwarded to 7726 (spells SPAM on the keyboard).
Have you been targeted by these fake NHS messages or similar? Let us know what happened in the comments, and help us spread the word by sharing these warnings with your friends and family.