The United Kingdom’s National Health Service (NHS) has warned the public about a wave of fake messages sent out as text messages fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19.
In a tweetsaid the NHS had seen reports of text messages claiming to come from the NHS telling recipients that they had been in close contact with someone who had a confirmed COVID-19 infection and that they should order a test kit .
So what happens if you make the mistake of clicking on the link in the fake text message you received?
The right NHS website is on nhs.ukbut it is clear that the scammers do not want you to go there.
Instead, the link sent to you by the scammers leads you to a lookalike site that pretends to belong to the NHS.
To the casual observer, it’s very similar to the real NHS website. In fact, on a smartphone you may very well not notice that the domain you have visited is not nhs.uk.
This fake website wants you to order a test set that you “only have to pay £ 0.99 for postage”.
The real NHS no longer distributes free COVID-19 test kits, so the idea that all you have to do to receive a free test is pay 99 pence in postage should also ring the alarm bells in the victim’s mind. But if you’ve gotten this far through the scam, chances are that you too – in your panic of getting yourself tested for the Omicron variant – have forgotten that fact.
Of course, the website will not only have your money. It will also have your full name, address, date of birth and other personal information. By disclosing this information, you are unknowingly helping the fraudsters to further deceive you by sharing your personal data. At some point in the future, this information may be used against you by a scammer to make it seem even more compelling.
The scammers use a number of different domains in their scam messages, many of which have only been created within the last few days.
In its warning, the NHS refers advice from the NCSC on spotting fraud. One could imagine the NHS also reporting the scam sites to the NCSC so they can be shut down as soon as possible, but – of course – opportunistic scammers will continue to create new domains and send out more scam messages as long as they believe it will help them deceive innocent members of the public.
With so many scams relying on the use of newly created sites, it’s a shame that giants like Apple and Google are not doing more to warn users that they are clicking on a link to a site that you probably should be more skeptical of than one that has been around for years.
And no, it should be a given that you will not receive a free COVID-19 test kit in the mail after submitting your personal information on one of these scam sites.
Editor’s note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect Tripwire, Inc.