Attentive to the concerns that the COVID-19 pandemic continues to generate, in some countries it was detected that scammers are deploying phishing campaigns in which they try to take advantage of the concern about the appearance of the new variant of the Omicron coronavirus, according to the agency consumer control agency Which ?.
In an email accessed by this body, cybercriminals impersonating the National Health Service (NHS), the UK’s national healthcare provider, and offering potential victims the opportunity to obtain a “proof Free Omicron PCR “on the pretext that this will help them avoid the restrictions recently introduced by the British government. The email also misleadingly claims that the new variant is not detectable by the test kits used for previous COVID-19 variants and that a new test kit has been developed for that purpose.
“There are different versions of the email that are circulating; for example, one contains a link, while another has a button access to the site. In any scenario, the user is redirected to a fake website that impersonates the NHS identity and is asked to fill out a form by entering their full name, date of birth, address, mobile phone number, and email address. Basically all the information a scammer would need to make a pretty convincing identity theft case. and fraud with the potential to leave a victim’s finances in shambles.”Says Cecilia Pastorino, IT Security Specialist at the ESET Latin America Research Laboratory.
Although the test is advertised as free in the mail, the website asks for a fee of 1.24 pounds, which is equivalent to about $ 1.64. In addition, as a preventive measure, it includes the option to enter your mother’s maiden name to use as a security question; an approach that is actually still used to help users protect their accounts online. In case the victims are tricked into completing the form, they have effectively provided the scammers with a plan to commit identity theft and fraud. The organization Which? has reported the website to the UK’s National Cyber Security Center.
Malicious actors often change the theme of their scams based on current topics to try to obtain sensitive data on people and their money, so it is not a surprise that they are taking advantage of the latest news about the COVID-19 crisis.
From ESET, a leading company in proactive threat detection, here are some recommendations to avoid being a victim of similar scams:
- If you received an email claiming to be from an official organization, check the entity’s website and contact them using the official contact information to find out if they actually sent that message.
- Please do not click links or download files you received in an unsolicited email from a source you do not know and cannot independently verify.
- Enable two-step authentication (2FA) for at least the most important online accounts and install reputable, multi-layered security software with anti-phishing protection.
“In addition to running a wide variety of COVID-19 vaccine scams, criminals have also targeted various pharmaceutical companies and government organizations involved in the vaccine development, approval and distribution process. For example, they have compromised a research laboratory at the University of Oxford that conducts research on ways to combat the virus and stolen documents from the European Medicines Agency, to name just a few campaigns and incidents in the last almost two years ”, concludes Cecilia Pastorino, IT Security Specialist at ESET Latin America Research Laboratory.
