Expert Commentary: Phishing Attack Impersonates UK NHS To Obtain Sensitive Consumer Data

Twitter users report receiving phishing emails that claim to be from the UK’s National Health Service (NHS) and invite them to sign up to receive the COVID-19 vaccine. During the sign-up process, users are prompted to provide sensitive information such as name, address, credit card and banking information. Cyber security experts comment below on the danger of phishing emails, especially when the threat actor uses a sensitive issue such as COVID-19 to trick recipients into providing personal information.

Expert Comments

January 27, 2021
Dean Ferrando
Systems Engineer Manager – EMEA
Tripwire

Attackers will look for any opportunity to exploit human weakness, and in this particular case, appealing to human nature tempting people to click on phishing links that might take them to medical vaccination sites. There has also been an increase in appealing to human nature where fake sites are set up to harvest personal information to help people in communities.

As long as emails are a means of communicating, scammers will attempt the same with fake emails. Email as implemented today is a terrible system for conducting business. While attempts have been made to improve the technology, none of them have taken hold.

It’s especially difficult for many people to recognize a scam when it carries the apparent NHS authority in the communication, which is why we see many of these COVID-related scams.

Individuals must show extreme caution to all links and attachments sent to them and have the mindset that if it looks too good to be true, then avoid it at all costs.

January 27, 2021
Michael Borohovski
Director of Software Engineering
Synopsys

Covid-related vaccine scams have been making the rounds in countries around the globe. And I suspect there will be more to come in the near future. When rolling out new initiatives where there is the potential for misinformation or confusion to spread, bad actors will certainly take advantage. Be vigilant. Do your own research about what the vaccine involves, legitimate sources to get the vaccine, what the process is, etc. That’s specifically why the abundance of crowdsourced informational sites exist – we have found most of the official sites to be lacking in usability or clarity. But if something feels off, it probably is.

January 27, 2021
Casey Ellis
CTO and Founder
Bugcrowd

The critical importance and widespread uncertainty around the COVID-19 vaccine put the global spotlight on government and healthcare organizations involved in distribution efforts. As the world waits with bated breath, the anticipation and anxiety around the subject of vaccination make it especially useful as a phishing lure for attackers who target unsuspecting citizens. This was most recently demonstrated by the ongoing phishing attack linked to the UK's National Health Service (NHS). The NHS phish was a serious attempt - It used the pretext of existing NHS vaccinations campaigns, included "credible jargon" and NHS design mimicry to appear as legitimate as possible, and exploited loss-aversion through a fake "use it or lose it" message.

January 27, 2021
Boris Cipot
Senior Sales Engineer
Synopsys

The current pandemic presents a great opportunity for scammers and cybercriminals worldwide to take advantage of individuals. We’ve seen similar situations in various regions around the globe. One thing that people need to know is that they should never give out any personal information via phone or email. They also need to be aware that there is no official means of buying the vaccine nor an earlier appointment to be vaccinated. The Covid vaccine is government-sponsored and is not offered for sale. In case of doubt, contact the vaccination centre in your region directly. Do not respond to calls or emails that request credit card information or any other means of payment.

January 27, 2021
Sam Curry
Chief Security Officer
Cybereason

Colour me as not surprised that the latest COVID-19 pandemic threat is focused on consumers looking to schedule vaccinations. Do nation-state threat actors have no shame? Their year-long attacks on companies at the forefront of medical care and research have shown a cold calculus. Brazen attempts from state-sponsored threat actors in China, North Korea, Iran and Russia to disrupt the COVID-19 supply chain, the administration of vaccines and the return to health of thousands of people that are sick with the virus, are acts of war and one can hope these cyber thugs are eventually brought to justice.

Kudos to law enforcement agencies and every person involved in the investigation of COVID-19 related fraud and scams. For people looking to schedule a vaccination, this isn't the first or last time social engineering will be used to steal proprietary information from individuals for profit. Consumers should never open attachments from untrusted people and sources, visit dubious websites or download information from untrusted places. To eliminate the cyber risk involved in scheduling a vaccination, go directly to the hospital's or clinic's website or make a phone call to do your scheduling. Never open an attachment via email as phishing scams will continue so long as the market exists.

January 27, 2021
Javvad Malik
Security Awareness Advocate
KnowBe4

Whenever there is a newsworthy incident or event, criminals are quick to jump on the bandwagon with phishing scams and attacks to try and obtain personal details, compromise organisations, or steal money.

The pandemic has provided ample opportunities for criminals who have been adapting their techniques over the last year with phishing attacks claiming to originate from health organisations like the WHO, or playing on people's financial difficulties with emails which claim to be from HMRC.

With the vaccine rollout in progress, it's no surprise that the criminals have shifted to try and scam people through fake vaccine registration pages.

It's therefore important that people remain vigilant at these times as to which links they click on and where they share any personal information. When in doubt, they should contact their doctor or healthcare provider through tried and trusted channels and not give any information to unknown websites, text messages, or phone calls.
