The NHS Test & Trace scheme is already being exploited by cybercriminals, with a new smishing (SMS-phishing) attack telling citizens that they have been in contact with someone who has COVID-19. An example of the text message is below. These kinds of fake text messages typically include a link to a malicious site, or will ask the receiver to share personal information that could then be used to commit identity fraud.
Be warned that text messages like this one are already in circulation as the track & trace service launches. They are not genuine and anyone going to that website link will be asked to submit personal information that will then be used by fraudsters. pic.twitter.com/P11vyuPVmr
— Stuart Fuller (@theballisround) May 28, 2020
NHS has written specific guidelines on how they will contact people in the Test & Trace scheme, which can be found here.
Fraudsters are known to thrive in times of crisis. With millions of people around the country working from home, in many cases distracted by young children, the truth is that they are sitting ducks for clever and timely phishing attacks. This particular smishing (SMS-phishing) attack makes great use of social engineering by exploiting the fact the track and trace services are making headlines and there is a general heightened sense of fear; in all likelihood, at least some people will be fooled into thinking that the text message is legitimate. Consumers can protect themselves by acting smart and pausing to consider each communication they receive, while remembering the three key smishing don’ts – don’t respond to texts from unknown or unusual numbers; don’t click on any links in text messages; and don’t share any banking information, usernames or passwords or other personal details after receiving a text message, unless you can verify who you are speaking with.