Expert Insight On Covid-19 Test & Trace SMS Phishing Attack

The NHS Test & Trace scheme is already being exploited by cybercriminals, with a new smishing (SMS-phishing) attack telling citizens that they have been in contact with someone who has COVID-19. An example of the text message is below. These kinds of fake text messages typically include a link to a malicious site, or will ask the receiver to share personal information that could then be used to commit identity fraud.

NHS has written specific guidelines on how they will contact people in the Test & Trace scheme, which can be found here.

Experts Comments

June 01, 2020
Ben Tuckwell
District Manager, UK & Ireland
RSA Security
Fraudsters are known to thrive in times of crisis. With millions of people around the country working from home, in many cases distracted by young children, the truth is that they are sitting ducks for clever and timely phishing attacks. This particular smishing (SMS-phishing) attack makes great use of social engineering by exploiting the fact the track and trace services are making headlines and there is a general heightened sense of fear; in all likelihood, at least some people will be fooled .....Read More
Fraudsters are known to thrive in times of crisis. With millions of people around the country working from home, in many cases distracted by young children, the truth is that they are sitting ducks for clever and timely phishing attacks. This particular smishing (SMS-phishing) attack makes great use of social engineering by exploiting the fact the track and trace services are making headlines and there is a general heightened sense of fear; in all likelihood, at least some people will be fooled into thinking that the text message is legitimate. Consumers can protect themselves by acting smart and pausing to consider each communication they receive, while remembering the three key smishing don’ts – don’t respond to texts from unknown or unusual numbers; don’t click on any links in text messages; and don’t share any banking information, usernames or passwords or other personal details after receiving a text message, unless you can verify who you are speaking with.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.