Scams taking advantage of the coronavirus pandemic are rampant, and have been since it started.
It's no wonder, considering Covid-19 is (a) a large-scale event that has affected almost everyone on earth, young and old, and (b) an event that has required the government and other official medical bodies to reach out to citizens.
For scammers, there are a lot of opportunities here. Impersonate the relevant government and medical organisation correctly, and it's pretty easy to take advantage of people's worry and panic to steal their information.
Speaking of which, yet another text scam has been identified, this time impersonating the NHS (for readers outside the UK, that is the United Kingdom's National Health Service). The NHS has offered free vaccinations and testing across the country in response to Covid-19.
The UK Government and the NHS use text messages for a range of purposes, including notifications, reminders, multi-factor authentication and alerts. So receiving an SMS from either organisation is not uncommon.
As I'm sure you're aware, malicious SMS messages that seek to scam recipients are nothing new either.
This specific text took advantage of the demand for PCR tests to detect Covid in the UK by offering its recipients a made-up new 'PCR device' that could be used multiple times and give faster results.
The PCR device would also produce a verified 'Covid Test Pass' for the user each time the test came back negative. The new device was 100% free but in limited supply, meaning recipients needed to click on the link in the SMS message to secure theirs as soon as possible.
Securing this meant, of course, entering their payment details and address on a legitimate-looking fake website.
It would be amazing, given the shortage of PCR tests UK citizens have endured, if this device were real. But unfortunately, it is very much a scam. And those who clicked the link in the SMS message were at risk of having their details and money stolen.
Users looking for signs this was a scam should start with the fact that SMS is not going to be the first way the government would announce such an incredible product. You would hear about this device in the news and from the press well before it was even created, let alone before you were invited to order one.
In addition to this, the link in the text did not end in the standard NHS domain. Usually this is nhs.uk, but this message had a .com address. That is easy to overlook if you are suddenly consumed by the desire to be one of the lucky few with your own PCR home testing device.
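The domain check described above, as an added example that is not part of the original article: it pulls link hostnames out of a message and flags any that are not nhs.uk or a subdomain of it. The sample messages and example.com hosts are constructed, and treating nhs.uk as the only trusted suffix is an assumption taken from the article's wording.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only trusted suffix is the one the article names (nhs.uk).
TRUSTED_SUFFIXES = ("nhs.uk",)

def link_hosts(sms_text):
    """Return the lowercase hostname of every link-like token in the message."""
    hosts = []
    for token in sms_text.split():
        token = token.strip(".,;:!?()<>\"'")
        if "." not in token:
            continue
        if not re.match(r"[a-z][a-z0-9+.-]*://", token, re.I):
            token = "//" + token  # lets urlsplit treat a bare domain as a host
        try:
            host = urlsplit(token).hostname
        except ValueError:  # malformed netloc, not a usable link
            continue
        # Keep only things shaped like a DNS name with an alphabetic TLD.
        if host and re.fullmatch(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", host):
            hosts.append(host)
    return hosts

def is_trusted(host):
    """True only if host IS a trusted domain or a subdomain of one.

    Comparing on a leading dot is what stops 'notnhs.uk' and
    'nhs.uk.example.com' from passing a naive substring or prefix check.
    """
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(sms_text):
    """Hostnames in the message that do not belong to a trusted domain."""
    return [h for h in link_hosts(sms_text) if not is_trusted(h)]

# Constructed sample messages (not the real scam text).
SAMPLES = [
    "NHS: your appointment is confirmed. Details: https://www.nhs.uk/appointments",
    "NHS: claim your free PCR device at https://nhs-pcr-device.example.com/order",
    "NHS: order now nhs.uk.example.com/pcr",
    "NHS: verify at https://nhs.uk@example.com/pass",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(suspicious_links(sms) or "no untrusted links", "<-", sms)
```

The last two samples show why the comparison must be on the end of the real hostname: putting "nhs.uk" at the front of a longer name, or before an "@", does not make the link an NHS one.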
Scams like this demonstrate how common scams are, and how they specifically seek to whip up overwhelming emotions such as fear, anxiety, joy and excitement in the recipient. These emotions are what cause users to overlook fishy details and act impulsively without thinking.
Scams like this are great examples that you can show your staff during security training, to highlight the importance of keeping a security-first mindset.
When you receive a text, no matter how alarming, the first step should always be to stop, wait, and pay attention. Pay close attention to the recipient, to the sender address, to the content, to the context and truly assess how likely it is this message is genuine.
Reacting immediately, even to a legitimate text, email or phone call, never benefits the recipient; it leads to poor decision making even in a genuine situation.
This is, of course, easier said than done, which is why working on your staff's behaviour through helping them build a security-first mindset is so important.