/ Scams

Scam alert: fake NHS COVID-19 vaccine text

A dangerous fake NHS text has been circulating, telling people they’re eligible to apply for the COVID-19 vaccine. Here’s what it looks like.

A member got in touch with us today when they received a text message purporting to be from the NHS.

It confusingly stated that “we have identified that your are eligible to apply for your vaccine” and advised him to follow a link to get more information and ‘apply’:

This URL takes you through to an extremely convincing fake NHS website that asks for your personal details, but the member became suspicious when it asked for his bank/card details in order to ‘check his identity’.

It was then that he began spotting spelling mistakes on the site and in the SMS itself, which we’ve warned many times before are classic signs of a phishing scam.

We found that the fake site was also registered just two days ago – another reason to be suspicious, and one that demonstrates the importance of reporting these scams as soon as you receive them.

As of 26 January, variants of this scam are now also being reported:

Remain vigilant of coronavirus scams

We know that criminals will use the confusion and urgency around the pandemic as a way to target potential victims – we’ve covered five similar attempts here on Which? Conversation already:

Council tax reduction phishing email

Fake NHS contact tracing text

HMRC Government grant phishing email

Microsoft ‘covid relief fund’ phishing email

COVID-19 vitamin pill cold calls

With the recent approval of multiple vaccines in the UK, these types of scam attempts are likely to continue as fraudsters look to take advantage of the rollout to so many people.

Our advice

If you think you may have handed over your card details to scammers, let your bank know what’s happened immediately.

You can then attempt to recover any money lost by following our guide here.

Have you received this fake NHS vaccine text or any other type of scam relating to the vaccine?

Let us know in the comments if you have, and please do share this warning with friends and family so we can prevent anyone from falling victim.

Update 7/1/2021: Cold calls

Cold calls regarding the vaccine are also beginning to take place – we’ve already had reports of scammers asking people to pay for it over the phone:

If you receive one of these calls, hang up.

The NHS will contact you when it is your turn to receive the vaccine, likely by letter from your GP or from the NHS itself. However, if you’re aged 70 or over or you’ve previously received a letter saying you’re high-risk, you no longer need to wait to be contacted and can book your appointment online.

Read more about the COVID-19 vaccine rollout, and what it means for you


I now have 72 scam emails which I have kept in a folder unopened but they all have similar themes.
Most are telling me to apply for something or claim something. The variance of title lines is quite remarkable.

Forward them to report @phishing.gov.uk it’s the National cyber security centre Since Virgin had a data breach over a year ago I was inundated with scam emails Since I have been forwarding them I am down to about a couple a day which although still annoying is much better than before

Stephen Pollard says:
30 December 2020

I put all my scam emails into a blacklist folder, so if they reappear, they go into my Spam box and not into my Inbox.

Stephen Pollard says:
30 December 2020

I put all my spam emails into a blacklist folder, so if they reappear again they go into my Spam box and NOT into my Inbox

Stephen Pollard says:
30 December 2020

I put all my spam emails into a blacklist folder, so if they reappear again they go into my Spam box and NOT into my Inbox

Anne’s comment is helpful. I wasn’t aware of that address. It seems to be one that should be promoted heavily. I probably get 3 or 4 scam emails a day into my junk box which I simply ignore. I’ll try and forward some of them at least.

I’ve just tried to forward a scam email to report @phishing.gov.uk and it bounced back with a message saying it had not been delivered as it had been “rejected by the recipient’s server”. I suppose this means the government can claim that the public don’t see scam emails as a particular problem because so few reports are received through their dedicated reporting system!

Gus Mathews says:
30 December 2020

I have had a few texts from ‘HMRC’ regarding a tax rebate that I completely ignored. Curiously a few days prior to this texts I had applied for my passport renewal through the Post Office where I had revealed to them my mobile number and email address. I believe that there is a mole either in the Post Office or at the ‘Home Office’ that is supplying personal details to the scammers.

Malcolm says:
30 December 2020

I thought I was pretty savvy about all these scams, but ….
I received a text message on my phone today from +447775636731 as follows:
HSBC: On the 30/12/20 you added a new payee MRS R AMHEED from your online banking, if this was NOT you please visit : https://hsbc.digital-payee-verify.com/
Panic set in about the need to take immediate action – and pressed the link!!
Fortunately a red screen warning came up with a warning about re-thinking before proceeding – and then the penny dropped. I don’t have any accounts with HSBC, but I’d missed that in my first quick scan. How obvious, but I’d missed it.
I can’t believe what I’d done, despite all the guidance from Which? and others. It;s easy to say don’t panic, but I did.

[Moderator: the website in this comment appears to be a fraudulent or scam website. We’ve kept the text of the URL to help you identify it, however clicking on it will take you to our guidance on how to spot a fake website. Remember to use caution and make sure the website is legitimate before giving any personal or payment details.]

I sympathise with that. I once clicked a link in an email that I thought was from a friend sending me a joke. I was in a hurry and didn’t look at the sender’s email address. Fortunately Google Mail warned me that it was an unsafe link so I didn’t proceed.

david smith says:
31 December 2020

I had exactly the same text purporting to be from Halifax who i do bank with.It is worded cleverly as it makes you believe something has happened and you need to take action to stop it.Like you on this occasion i clicked on the link which enabled the scammers to set themselves up as a payee on my account and they took £800.Fortunately Halifax were very good and refunded the amount in full but please be aware of this type of scam.

John wrote: “It’s good to know that banks are responding helpfully to customers’ losses, but the refunds are coming out of customers’ deposits, higher interest rates and increased charges for services.” As I see it the problem lies with the banking sector providing scammers with accounts and card services without establishing that they are bona fide companies. Surely it is incumbent on the banking industry to be more careful and to react promptly when problems are reported.

A question I asked earlier was to report who are the most involved receiving banks and where they are located. At present I see both (some) banks and (some) customers to be somewhat at fault. I don’t want to subsidise either.
I’d like to see much more information so we can make better judgements.

I support Malcolm’s line on this. So long as banks are able to charge no-liability refunds to customer accounts rather than to corporate profits as a separate line in their accounts they are under no incentive to remedy the deficiencies in their operating practices.

I think the mutual institutions should take the lead on this.

I expect that your bank and mine will refund ‘no blame’ transactions. Which? has explained that these are when the customer has not authorised the payment. That seems clear to me though it would help if Which? had explained this better when we started to discuss refunds.

The main problem as some of us have identified is that banks are providing fraudsters with accounts and card services. That is what must be stopped and the money recovered from the receiving banks. I would like to see some input from the banking industry to explain what is being done to to tackle the problem.

It would be so good if companies/organisations had only one web address, otherwise the scammers are in a win, win situation.

DPD dpd.co.uk also has dpdlocal.co.uk and dpdgroup.co.uk – how are we expected to know the latter two? Even if we do remember, we may believe that dpdlocalgroup.co.uk looks authentic.
WHICH which.co.uk also has conversation.which.co.uk if a scammer uses conversationwhich.co.uk are we likely to spot the difference?

Richard Pennicard says:
31 December 2020

The trick is to look at what comes between the .co.uk (or .gov.uk or .com or whatever) and the . before that. If that is a genuine URL (like ‘user.which.co.uk’) then you’re OK. anything else (like ‘whhich.co.uk’ or’ info_which.co.uk’ then it’s fake.

Claude Juillet says:
30 December 2020

Be careful with PayPal as: ebay, Admiral Insurance & PayPal are the same company and PayPal is not secured. I did find this out when my PayPal account was used by someone else.

I’ve had a few pay pal scams which I delete as I haven’t used pay pal for several years.

Do remember to shut down your PayPal account completely, if no longer using it, as they are going to start charging a fee to inactive accounts.

Ann Pocklington says:
31 December 2020

Not strictly true. PayPal and ebay are actually two separate entities. ebay does own PayPal, and are connected but operate separately. I’m not sure about Admiral Insurance – do you perhaps mean Admiral Marketing?

I had an early morning phone call telling me my internet was go into be cut off. I asked the name of the company who said they were called ref BT, I don’t use BT. I put the phone down and second s later another man phoned. I told him I didn’t deal with scammers and put down the phone . Other friends have received similar calls apparently.?

Had a number of those but usually recorded message.

A very familiar scam call which has gone round to all of us. Absolutely the right thing is to hang up. Never engage in conversations with cold callers as your name then goes on a list as someone who is ‘prepared to talk and listen.’ These lists are then sold on the dark web. Just cut off all cold calls within 10 seconds.

Lesley Frost says:
31 December 2020

We’ve had several of these in the last few days. All from different phone nos. interestingly, which gives way that it’s a scam!

31 December 2020

I have had scam calls with a voice over that sounds like an original propaganda from wwii.. and quite convincing..

Dr Roger Webber says:
31 December 2020

I returned from Christmas spent in Canary Islands and filled in the required Passenger Locator Form only to be contacted a few days later by a scammer trying to obtain personal information. Fortunately I realized it was a scam but I am concerned that they were so easily able to obtain access to what seemed quite a secure system. As one person mentioned above there seem to be moles within that are prepared to sell information.

A danger here is that by simply deleting emails that are unexpected and which may appear suspicious, you delete genuine emails. It is not helped by so many companies who discourage customers from contacting them by email and for whom it can be very difficult to locate a genuine email address. I find it astonishing that there isn’t a major international collaboration in order to prevent theses scams. If some of the most aware in society get caught out from time to time, what chance for the less savvy!

Probably not recommended, but I have a memo card with totally false banking and personal details, including sort code, account number etc. which I ‘reluctantly’ divulge to the caller. Seems to have resulted in a big reduction in calls from these hard working entrepreneurs.

Freda Richardson says:
31 December 2020

I know by experience how being under stress can make even the savvy vulnerable because I almost got caught in 2013 with a link up call. l had felt as if I was being being hypnotised. I did withdraw a large amount of money to my bank account before it dawned on me. The caller said he would call me again in 20 mins, but I didn’t answer his call. I visited my bank the following day just to make sure and
the money I had withdrawn was put into new account.

John Clements says:
31 December 2020

i r4cieved the scam on Christmas day as a message so i could not check it’s validity. It addressed me by name. i was taken in by it. On my children’s advice i phoned my bank and cancelled my debit card, No money was taken. My son came over to see me and shut down my email address

The Amazon scam call is one of the worst offenders, it’s not unusual to get 2 or 3 every day, all with differ telephone numbers

Yes we get loads of these from Amazon or” Ama_zon” as they always pronounce it, with the stress on the final syllable. As soon as you hear this – put the phone down!
Does anyone know how we can stop these?

Thanks for the useful reminder.

You say “We found that the fake site was also registered just two days ago – another reason to be suspicious”. I’ve no idea how to find out when a site is registered; can you please let us know how to do this.

John Hunter says:
31 December 2020

What is annoying with all these scam calls is that now most of them are recorded. When there was a person on the line at least you could be extremely offensive to them. Eventually I decided a better tactic was to ask “Do you think your mother would be proud of the way you earn your money?” It may just have given them food for thought.

Stewart SEYMOUR says:
31 December 2020

I have what I consider the best solution to unwanted/scam ‘phone calls and that is to simply allow the ‘phone to go on to voicemail – EVERY TIME – and listen first to find out whose calling and if it’s a sales/commercial call – or worse – just hang up; don’t try to “have a go at them” by swearing at them, etc – believe me, these people are awfully thick skinned and will have been sworn at many, many times before! From my experience they rarely leave a message on the voicemail unless it’s a recorded message (only because that uses up little or no time to do). I know this won’t make a difference with regard to emails, but as far as ‘phone calls are concerned why not give it a try?

Maureen says:
9 January 2021

We never answer numbers we don’t recognise, that aren’t in the phone’s memory. Let the answering machine record the call, if they even bother leaving a message. If a false local number rings and it’s a recording, hang up. No decent firm will contact you with a recording.

You say that spelling mistakes are a sure sign of a fake communication, but are you aware of just how many spelling mistakes are creeping in to your own reports? Also sentence construction and/or lack of punctuation make it difficult to understand some sentences without re-reading them several times.

I suggest that it is time to treat all emails, text messages and phone calls as potential scams.

It would help if legitimate organisations would stop using clickable links in emails and messages, so that anything with links is likely to be malicious.

I find it very helpful when there are clickable links in bona fide emails.

I would be prepared to forgo the convenience of links if it could save many of us from being scammed. You have mentioned the use of links for password resets, Derek. I suspect that these are low risk because an email can arrive within seconds.

I am very wary of following a link in any email unless I am certain of its origin, and never any that touch on finances. It is not that inconvenient to react to an email by going direct to the company or institution and accessing the information there. Maybe I don’t have enough of these emails to cause me much extra work; from banks, insurance, deliveries, suppliers for example. But protecting my assets and peace of mind is more important than saving a few minutes of my time every so often.

I would prefer it if the reputable financial companies, at least, voluntarily agreed to stop including links.

Password reset links are but one example of the use of emails with links for authentication. Some of the online services that I use will only let me login from a new device after I have received and clicked on a link sent to my email. So that is an example where emailed links enhance security.

Most of the time, emails containing unsafe links should get blocked by one’s email provider.

A second line of defence should then be provided by security features within one’s Web browser.

Those steps ought to block the vast majority of malicious links.

On Chrome books, those features are seamlessly incorporated into every pc, so it is usually hard to navigate unsafe websites.

Also, expecting folk to independently navigate to websites exposes them to the risk of ending up in the wrong place.

We’ve seen many recent examples of this, with folk who reached fake driving licence renewal sites and such like.

As it is legal to pay someone else to do cleric work for you, those sites cannot be blocked as illegal scams.

I always try and use the spam/junk reporting tool on my email accounts. It would be great however if all the various email providers worked together more with this information to help.