A new Omicron phishing scam has been detected in the UK that spoofs the NHS and attempts to steal personal and financial information using a free COVID Omicron PCR test as a lure. The campaign is likely to be one of many taking advantage of fears about the latest SARS-CoV-2 variant of concern.
COVID-19 phishing scams have been a regular feature of the pandemic, so it is no surprise that the latest turn of events has triggered a wave of new phishing emails. The emergence of Omicron, a variant of concern that has the potential to escape the protections provided by COVID-19 vaccines, has naturally alarmed scientists and the general public alike and has created an opportunity for phishers.
Phishers use fear and urgency in their phishing scams to convince people to take an action that they would otherwise not do. The emergence of the Omicron variant has already generated fear, and the phishers are providing a solution. The Omicron phishing campaign was detected in the United Kingdom and impersonates the National Health Service (NHS). The emails offer a newly developed COVID-19 PCR test that is able to detect infection with the Omicron variant. The campaign is being conducted via email and text message, but this approach could easily be conducted by telephone.
One of the intercepted phishing emails tells the recipient that “NHS scientists have warned that the new Covid variant omicron spreads rapidly, can be transmitted between fully vaccinated people, and makes jabs less effective,” echoing the current fears of scientists. The email goes on to say, “However, as the new covid variant (Omicron) has quickly become apparent, we have had to make new test kits as the new variant appears dormant in the original tests.”
In order to receive the new test, the victim must click on a hyperlink in the email and will be directed to a webpage that spoofs the NHS patient portal. They are asked to enter their personal information, including their name, address, date of birth, contact telephone numbers, and email address. The NHS is a free healthcare service; however, the scammers request payment to cover postage costs. In order to pay the £1.24 delivery charge, the phishing page asks for bank account/credit card information and mother’s maiden name.
As is common in phishing campaigns, emails also include a threat. In a section titled, “What happens if you decline a COVID-19 Omicron test?”, victims are told that they will be required to isolate. While the emails contain red flags, such as multiple spelling and grammatical errors, the NHS branding and email address used to send the messages – contact-nhs[@]nhscontact.com – may be enough to convince people that the request is legitimate.
The success of this Omicron phishing scam depends on people taking action without carefully considering what they are being asked to do. While Omicron is a genuine cause of concern, always stop and think about any request for sensitive information via email, text message, social media messages, or phone calls. Official messages from the NHS will be free of spelling mistakes and the NHS will never ask for payment for sending COVID-19 tests.
While this Omicron phishing scam targets individuals, many COVID-19 phishing campaigns have targeted businesses and attempt to either obtain credentials or deliver malware. Businesses need to ensure they implement an anti-phishing solution that is capable of identifying and blocking phishing emails.
TitanHQ has developed a suite of cybersecurity solutions to protect businesses from cyberattacks such as phishing, with the latest solution – SpamTitan Plus – providing even greater protection against phishing attacks. SpamTitan Plus includes additional measures to improve malicious URL detection along with time-of-click protection to prevent employees from visiting the malicious websites linked in phishing emails.
If you want to improve protection against phishing attacks and the full range of email threats, contact TitanHQ today for more information on the best phishing solution to meet the needs of your business.