/ Scams

I almost fell for the fake vaccine text – we must disempower these fraudsters

In January, Which? member Sue thought she’d been invited to get the COVID-19 vaccine, only to realise just in time it was a fake text message. This is her story.

This is a guest post by Which? member Sue Whitney. Which? stands by her views on scams and is helping to spread awareness and warn others.

I’ve been a Which? member for many years and use the site not just for product reviews, but campaigns, news and reading Which? Conversation depending on the latest topics and needs of my family and I at the time. We all recognise it as a valuable source of independent consumer information and advice.

Shortly after the government’s briefings that new tiers of the vaccine were being rolled out, and following the successful campaign of vaccination for 70 and 80+ year-olds, I was eagerly waiting to receive news that it’d be my turn soon.

I have underlying health concerns, so was especially keen to be invited for the jab as soon as possible. I was thrilled late one evening in January to receive a text message stating that I was now eligible, so I followed the link and read through several pages of NHS guidance on the vaccine and possible side effects.

It all seemed very official, using guidance from the NHS site that I recognised, so I started to input my personal details as requested.

See what the fake vaccine text looks like and how it works

It asked for my credit card details

Where I expected it to ask for my National Health number, it instead requested credit card information. This was a red flag to me and immediately raised my suspicion – I knew that no one was going to be required to pay for the vaccine on the NHS.

I stopped going any further on the website and went back for a closer look at the previous pages. It was then that I started noticing numerous spelling mistakes – another sign that everything is not as it seems.

I deleted the message, but couldn’t shake the worry that I may have already given away some personal information.

Reporting the incident to Which?

The following morning I was still concerned about what happened. I felt so frustrated that I’d almost fallen for a scam, so I came to Which? Conversation to report what had happened.

It was here I found that I was far from alone: many others were commenting that they had been, and are still being, lured into this trap.

I felt angry that in this time of pandemic and high levels of vulnerability and anxiety, there were still those out there who were trying to take advantage of others and defraud them. I had a desire to warn others and prevent something so awful from happening to anyone who may also have received the fake text.

And that’s when I got an email from Which?. ITV’s Good Morning Britain had been in touch asking if Which? knew anyone who’d be willing to speak about their experience. I was only too happy to appear on Breakfast television on behalf of consumers!

Bringing these sort of scams to the attention of as many people as possible is one of the best ways of disempowering these fraudsters. I’d ask anyone who receives these scams to not only report them, but warn their friends and family as much as they can.

This was a guest post by Which? member Sue Whitney. Which? stands by her views on scams and is helping to spread awareness and warn others.

We spoke to Rianne Endeley-Brown of the NHS Counter Fraud Authority about what to do if you receive a text message like the one Sue received:

Fraud is not a crime that is always easily spotted- it is insidious in nature. That is why it is always important to remain vigilant, just like Sue has. We recently posted an article about the importance of making sure the NHS is protected so its patients continue to get the care they are entitled to. During the pandemic, there has been a rise in vaccination fraud (people claiming to be from the NHS, asking patients for their banking details to book their vaccinations). Fraudsters are taking advantage of the current times, seeing that the value of care has risen exponentially, they are exploiting the NHS and its patients. 

Always remember that the vaccine is free in the UK and available through the NHS. They will never ask for your banking details. 

If you ever have any doubt about who is contacting you, please report them to Action Fraud, the Suspicious Email Reporting Service (SERS), or you can forward any suspicious text messages to 7726.

Make us aware of a scam with our new scam sharer tool


Thanks for posting your story, Sue. We all have to be on our guard.

I believe that the NHS should have made use of the GOV.UK website to safely redirect vaccine bookings to the genuine vaccine booking site. All that is needed is a text saying to visit the GOV.UK website, so there would be no need for a link. The public could be told in advance of how the system would work.

In my case I received a phone call from my GP surgery, giving me a date and time to attend the local vaccination centre.

Kirsty says:
26 March 2021

The GOV.UK website can also be hijacked – someone whom I know went on to it & paid the fees to renew the family passports. It was a fraudster’s website, but totally convincing – this person is VERY tech-minded & worked as a programme tester for a well-known bank – so even there you can be scammed.

Thanks Kirsty. ‘Ethical hackers’ have a valuable role in identifying weaknesses in security systems. My view is that using GOV.UK is the safest way of accessing official services but there is more we can do to protect our personal information and money.

The GOV.UK portal can certainly be hijacked by others posing as official government agencies or functions, but so far as I am aware it has rarely been hacked, although some sub-elements [e.g. the DVLA database] might well have been broken into.

It doesn’t help people identify genuine sites when they use links like the one I got:
http://accurx.thirdparty.nhs.uk/r/3ujpsv1234 (end digits changed, checked and told invite code is mistyped)

The following day I received a phone call to book me in the next day.

The way this was done goes against all my defences to avoid getting scammed. As both car batteries were flat at the time, I got her phone number and called back when I had a chance to research the information I had and decide it was genuine.

I am surprised there isn’t a dedicated NHS.UK portal for all access to clinical services including general practices and others [e.g. optometrists and dental surgeons] performing NHS work. The NHS is bigger than the government and the biggest single employer in Europe.

Janet Bartlett says:
24 March 2021

[Moderator: this comment has been deleted as it did not adhere to the Community Guidelines. Remember to critique the argument, not the person making it.

@John – Not quite sure what you mean by a portal, but the nhs.uk part of the web address above – the domain name – says this is dedicated to the NHS.

(A portal normally agregates services from different organisations or geographies in one web page for convenient access. As the NHS is one organisation based in the UK, it doesn’t really need one.)

The qualifiers in front of nhs.uk (accurx and thirdparty) are subdomains of the NHS website – necessary because of the sheer size of the NHS and all the different services it provides. They quickly direct internet traffic to the correct computer servers, so it doesn’t pass through a single bottleneck.

This is not something the average user of NHS services should be expected to know. But I wish Which? would provide basic education about Internet services and how they work as a further defense to scamming.

I recall that gov.uk was originally advertised as a portal and I have used this terminology.

gov.uk provides a safe way to access a wide range of official services without the risk of clicking on a malicious or commercial link. I do not see any need to have entry site to access NHS services.

A timely warning. I was informed about my jabs by a nurse at my doctor’s surgery who I know. In addition to keeping bank details private I won’t divulge my name and address. If the call is genuine they will know who you are. I also burn any paper which has a name or address on it to avoid identity theft.

Stewart SEYMOUR says:
26 March 2021

I have the greatest sympathy for anybody who has become the victim of a fraud; but one thing I genuinely don’t understand is how somebody can fall for a scam involving a request for money to pay for the Covid-19 vaccine – I knew from the outset that this was totally FREE-OF-CHARGE. The Government made it very clear from the beginning that the vaccine programme was a wholly Governmental operation administered by the NHS, and that no costs by any individual would be incurred. I fully realise that many scams “look” genuine (and thus convincing), and therefore are, at first glance, difficult to spot – but fraudsters must be laughing their heads off when they get away with the vaccine scams! Please think carefully first …… please be patient and take a little time to understand any emails received before responding …… please take care; fraudsters thrive on some people’s failure to do so!

I had a similar email, and the wording and also the date was one day late. But sent it to my MP.