According to the Guardian, members of the public have been alerted to a scam in which fraudsters use a bogus version of the UK contact-tracing app being trialled on the Isle of Wight. The Chartered Trading Standards Institute (CTSI) said it had evidence of a phishing scam that uses a text message to try to fool people into believing they have been in contact with someone who has tested positive for coronavirus. The bogus text messages the CTSI has seen appear to have been sent by an official source associated with the app, and direct recipients to a website that asks for their personal details. Scammers can then use the information to gain access to bank accounts and commit other forms of identity fraud.
As more people abide by lockdown and work from home, we are seeing cybercriminals leverage fear to seduce users into clicking malicious links. In fact, our COVID-19 Cyber Threat Update revealed that the number of malicious domains using the words “corona” or “covid19” has increased exponentially. Given this increase in pandemic-themed social engineering techniques, it is no surprise that cybercriminals are exploiting the NHS COVID-19 application. Indeed, if you are expecting an update from the NHS app, you may be more likely to open an email or text message containing the keywords “Coronavirus” or “COVID-19”. This is concerning, as our threat research team proved that more cybercriminals are using virus-themed terminology to mislead users into downloading malicious material and, in this case, to harvest PII. Users of the mobile tracing app must therefore be extremely vigilant, as they may be more likely to fall victim to harmful content disguised as medical information.