The latest Omicron phishing scam is currently targeting unsuspecting users in the United Kingdom and uses fake NHS emails to do so.
Omicron is the new variant of COVID-19 that has stirred anxiety worldwide, and scammers are eager to exploit this new opportunity to trap innocent users and steal data.
According to consumer watchdog group Which? a new phishing scam is identified in which scammers are using fake National Health Service (NHS) UK’s tests to steal data.
The campaign is identified at a time when the Centers for Disease Control and the World Health Organization have declared Omicron as a “variant of concern (VOC)” and deadlier than the Delta variant. The organizations have warned that it is spreading quickly.
UK Scammers Exploiting Omicron
The new phishing campaign is currently active in the UK. Reportedly, hackers are sending out phishing emails on a free PCR test, promising the recipient to detect the new COVID-19 variant.
However, in reality, hackers are tricking users into providing their personal information. The email appears to be sent by the UK NHS and has the subject line: “Get Your Free Omicron PCR test — Apply now to avoid restrictions.”
According to Which? one of the phishing emails they examined read:
“NHS scientists have warned that the new Covid [sic] variant Omicron spreads rapidly, can be transmitted between fully vaccinated people, and makes jabs less effective. However, as the new covid [sic] variant (Omicron) has quickly become apparent, we have had to make new test kits as the new variant appears dormant in the original tests.”
As evident, the email is full of spelling/grammatical errors. Scammers are also luring users via text and phone calls, and people all over the UK are contacted for new test kits designed specially to detect Omicron.
How does it work?
There is a link at the bottom of the correspondence. If the recipient of this email chooses to click on the link, they are redirected to a fake NHS page where they are asked to enter PII such as:
- Full name,
- date of birth
- Email address
- Home address
- phone numbers
- Mother’s maiden name.
The scam also asks for a £1.24 delivery fee for the test.
Which? has submitted its findings to the UK National Cyber Security Centre (NCSC) and warns users to stay cautious of this campaign and similar other lures involving Omicron.