The government recently announced the NHS Test and Trace, a service designed to trace people who have been connected to those who have tested positive for COVID-19. The government hopes that by tracing close recent contacts of people who have tested positive for COVID-19, testing each of those individuals and instructing them to self-isolate, they can control the spread of the virus.
It's been stated that NHS Test and Trace will work through contacting potentially infected individuals by email, text or phone call. The website states that, 'You will be sent a link to the NHS test and trace website and asked to create a confidential account where you can record details about your recent close contacts. If you do not have internet access or if you don’t complete the online process, one of our contact tracers will phone you to gather this information from you.'
What's the problem with NHS Test and Trace?
Unfortunately, security doesn't seem to have been a priority when setting up NHS Test and Trace. According to The Register, the phone number which you are contacted from is a published number, which means that text and call spoofing is worryingly simple.
Text and call spoofing (sometimes known as vishing) is a common way for scammers to acquire personal information and data from victims. Fake IT support phone calls are a popular vishing pretence, where someone contacts you to inform you that something is wrong with your computer. Fake calls from people pretending to be from your bank account are also commonplace, where victims are persuaded to give personal banking information to the scammers, who promptly empty the account.
It's incredibly simple for a scammer to use what looks like the NHS Test and Trace number for unscrupulous purposes. Just because the call or text comes from the official number, it does not mean that the person on the other end is legitimate.
What can we do?
Protecting yourself from fake NHS Test and Trace calls is tricky, because the legitimate calls share the hallmarks of scam callers. We're expecting cold calls from this service, and we're expecting to share personal information with the person on the other end. As such, it's incredibly important that we remain vigilant and aware whenever we receive a text, call or email claiming to be from the NHS or the Government. However, there are a few things that we can look out for.
Look carefully at the links in texts and emails, and where possible, find the link to the service yourself. In the case of COVID-19, the site is https://contact-tracing.phe.gov.uk/. NHS Test and Trace will never ask you for banking information, passwords, pin numbers, or ask you to dial a premium number. Be particularly wary of calls from individuals who require you to hit a number to be connected.
It's definitely worth familiarising yourself with the kinds of information that NHS Test and Trace will request from you. Be prepared for the kinds of calls you will receive, and you'll be much better equipped to tell the real ones from the scams.
Tweet us @TranscenditUK
