Scammers are sending fake emails and texts about the Omicron variant of Covid in order to steal personal data and bank details. Here’s what to look out for.
01/02/2022: Fake Omicron text messages
Following the spate of Omicron-related phishing emails we saw at the beginning of December, we’ve been made aware of fake text messages being sent, employing similar tactics:
The NHS does contact people via text in some cases, but would only ever ask you to order a test via the GOV.UK site (https://www.gov.uk/get-coronavirus-test). Contact tracing only takes place in England via https://contact-tracing.phe.gov.uk/
Texts like this linking to sites that have nothing to do with the NHS can be forwarded to 7726 (spells SPAM on a phone keyboard).
Have you received this text or other fake communications relating to the Omicron variant of Covid? Let us know in the comments.
02/12/2021: Phishing emails
Another new fake email attempting to cash in on the confusion and anxiety surrounding the pandemic is doing the rounds, impersonating the NHS and offering ‘a free Omicron PCR today to avoid restrictions’.
Which? has reported this website to the National Cyber Security Centre (NCSC) but other scam texts, emails and calls related to Omicron are likely to follow suit.
Omicron phishing email: what it looks like
Image: thanks to the Marlborough Surgery, Seaham.
Thanks to a member of the public we’ve also seen a slightly different version of the same email, in which the link instead appears as a button:
Fake NHS website
The fake email was also sent to a Which? member from ‘NHS Customer Service’ using the email address ‘contact-nhs[AT]nhscontact.com’. This email address may seem authentic, but it has nothing to do with the genuine NHS.
As well as falsely claiming that the new Covid variant (Omicron) requires new test kits, the email invites readers to visit the site shown in the above image. But clicking the link takes you to the true web address – ‘healt-service-nh.com’ – which is a copycat of the NHS website set up just days ago:
This fake site asks for your full name, date of birth, address, mobile, and email address – more than enough to attempt identity fraud.
As well as requesting a payment of £1.24 for ‘delivery’, it even invites you to provide your mother’s maiden name, as many customers use basic security questions to secure their email and bank accounts:
How to spot and report an NHS scam
Never follow the links in unsolicited texts or emails. If you get a message purporting to be from the NHS, check the details with your GP surgery or NHS service.
You can read more about what to watch out for in our guide to spotting scams. You can then report it to help others:
⚠ You can forward phishing emails to the National Cyber Security Centre (NCSC) at firstname.lastname@example.org.
⚠ You can also report fake websites to the NCSC.
⚠ Fake texts can be forwarded to 7726 (this spells SPAM on the keyboard).
⚠ Use the Which? Scam Sharer tool and sign up for free Which? Scam Alerts.
We shared a copy of the fake email with our contacts at the NHS Counter Fraud Authority. A spokesperson said:
“The mandate of the NHS Counter Fraud Authority is to prevent fraud against the NHS budget. In pursuit of that goal, we are delighted to also support publicity campaigns that help members of the public, including health workers and patients, protect themselves from fraud too.
We applaud the efforts of Which? to fight back against the fraudsters. The same criminals will target individuals AND the NHS, especially during testing times.”
What to do if you’ve been scammed
Let your bank know immediately if you’ve divulged your card or account details to scammers. Many banks let you instantly cancel your cards online or via their mobile apps, so use this feature if it’s available.
If the scammers have stolen money, you can follow our guide to getting it back.
Keep an eye on your credit reports to spot potential identity fraud – we explain how to do this for free in our guide. You may also want to consider signing up for a Protective Registration with Cifas, which costs £25 for two years.
You should also change your passwords for any accounts that may have been compromised and set up two-factor authentication wherever possible to provide another layer of protection.
Have you received a fake email relating to the Omicron variant? Have you seen other examples posing as the NHS? Let us know in the comments.