The Chartered Trading Standards Institute (CTSI) reports evidence of a phishing scam themed around the NHS COVID-19 coronavirus contact tracing app, even before the real app has been released nationally, as it is being tested on the Isle of Wight.
Scamming texts inform people that they have come into contact with someone who has tested positive for COVID-19. The message contains a link to a bogus website which asks for the personal details of the user. As Trading Standards says, scammers may use the information to gain access to bank accounts and commit other forms of identity fraud.
Scams related to the coronavirus emergency have taken off since March, and Action Fraud the official centre for reporting fraud to police, reports that COVID-19 scams stole over £2m during this time.
CTSI Lead Officer, Katherine Hart, said: “We have witnessed a surge in COVID-19-related scams since lockdown began. This evidence is yet another example of scammers modifying their campaigns as the situation develops. I am especially concerned that scams themed around the contact tracing app are already appearing, even though the official NHS app has only been released in a limited testing phase on the Isle of Wight.
“These texts are a way to steal personal data and may put the bank accounts of recipients at risk. If anyone receives texts or other kinds of messages like this, they should not click on any accompanying links, and report them to Action Fraud.”
To report instances of scams, go to the Action Fraud website (although throughout the virus-lockdown Action Fraud has said it’s giving ‘a reduced service’); or if in Scotland, call Police Scotland on 101.
Comment
Mollie MacDougall, threat intelligence manager at counter-phishing product firm Cofense said that for cyber criminals, the pandemic sadly presents a new wave of opportunity, as evidenced by the explosion of themed phishing attacks over the last three months. “This example is particularly malicious and abhorrent, given that it plays on the NHS’ new contact-tracing app, which could potentially be rolled out to a huge percentage of the UK.
“This example of SMS phishing will almost certainly be the tip of the iceberg for threat actors abusing the contact tracing app narrative for malicious intent, and the targeting of enterprises and individuals using this theme will likely increase.
“As the impacts of COVID-19 unfurl, so too do the phishing themes. Just last week we found phishing emails aimed at business, claiming that a colleague had passed away or fallen ill as a result of Coronavirus, aiming to harvest users’ passwords and personal information through a malicious attachment. This is one of several themes related to the pandemic. Threat actors are willing to go to any psychological length to attract their victims, but it is important to exercise the utmost caution and restraint in the face of emotionally jarring emails or text messages. Be aware of the fact that phishing scams are abundant, and if something about a message seems off, remember that it very likely is.”
