Despite lockdown easing, phishers are still finding ways to use Covid to get our information, and that has now extended to proof of vaccine status. If you’ve been contacted by someone who wants you to purchase a vaccine pass, yes, it’s a scam.
What’s a phishing scam?
A phishing scam is a way of getting a victim’s personal information, and either selling it on or using it to access their money. A scammer pretends to be a person or business that they are not, in order to convince you to part with your cash, or your information.
When we talk about phishing scams, we’re usually discussing scams over email, but they can also be attempted over the phone (sometimes known as vishing), over text, or even through the post. Phishing emails have become more effective over the years as we’re used to receiving correspondence by email, as well as submitting information and paying for things online.
Phishing scams tend to work best when they’re based on something that is current, and something that we’re already scared about, which is why we’re getting so many Covid-19 phishing scams. At the beginning of the pandemic, we saw a lot of scams offering people vaccines, and in this scam we’re seeing phishers use vaccines again.
The latest covid phishing scam: a fake NHS Covid Pass
The classic phishing tactic that phishers tend to use is to scare you (or sometimes excite you) into clicking a link in an email. When we’re feeling scared, we’re less likely to slow down and think through what we’re doing; we’re much more likely to make a snap decision. This works well for phishers, because the last thing that they want you to do is stop and think before you hand over your personal information.
However, they also go with the times. With the majority of the UK now having been offered a vaccine, phishers are trying a new tactic: the NHS Covid Pass. The NHS Covid Pass is a way to prove your vaccine status using your smartphone (we’ve written an article all about how to get the app, and how to use it here).
Scammers are using phishing emails, text messages and social media in this scam, and some have even used phone calls. Essentially, whatever format you receive the scam in, the message is the same; a phisher contacts you asking whether you have your NHS Covid Pass, and offering you one - for a price, of course.
The phisher then asks for all of your personal information, and either supplies you with a fake vaccine certificate (along with a hefty bill) or simply makes off with your details. Even in cases where the transaction goes as planned, and the individual is aware that they’re purchasing a forgery, you’ve still provided a criminal with all of your personal details, and your information is likely to be sold onto the highest bidder.
What should I be on the lookout for?
The great thing about this phishing scam is that it’s really easy to detect; if you’ve been offered an NHS Covid Pass via email, that’s a scam. The NHS are encouraging people to download the app to prove their vaccine status, but this will never come with a price tag - just like the vaccine itself.
Remember, the NHS will never ask for payment, or financial details. Be wary of any emails that you receive that discuss the NHS Covid Pass as something which is available for purchase, and never click a link within an email that you think is suspicious.
Tweet us @TranscenditUK