A new phishing campaign offering fake data-stealing NHS tests is taking advantage of people’s concerns and fear regarding the new COVID-19 Omicron variant.
Omicron Variant Scam Preying On Your Uncertainty
Since the beginning of the pandemic in 2020, cybercrooks have been finding new ways to turn people’s anxiety into cash. And with the latest COVID-19 variant spreading, scammers hopped on new opportunities to net good money from unsuspecting victims.
With the new variant being supposedly more dangerous than Delta, a new horizon of possibilities has just opened for the bad guys.
In a recent post, U.K. consumer watchdog “Which?” pointed out a new phishing scam, made to appear like official communications coming from the NHS (National Health Service). The malicious campaign targets people with fraudulent offers for free PCR tests for the new COVID-19 Omicron variant.
The CDC (Centers for Disease Control) and the WHO (World Health Organization) reported that Omicron was a “variant of concern” of the COVID-19 virus, and warned of its rapid spread worldwide. According to CBS News, officials aren’t sure yet how effective current vaccines are against the aggressive mutation.
How It Works
Threat actors are contacting people across the U.K. by text messages, emails, or even phone calls, falsely claiming to offer them new PCR tests designed to detect the Omicron variant.
“NHS scientists have warned that the new Covid [sic] variant Omicron spreads rapidly, can be transmitted between fully vaccinated people, and makes jabs less effective,” one phishing email discovered by Which? read. “However, as the new covid [sic] variant (Omicron) has quickly become apparent, we have had to make new test kits as the new variant appears dormant in the original tests.”
If the recipient clicks on the link at the bottom of the email, they will be redirected to a fake NHS webpage that asks for full name, date of birth, address, phone numbers, and email addresses.
In addition to gathering PII (personally identifiable information), the copycat site also demands a £1.24 delivery fee and the victim’s mother’s maiden name, giving the threat actors access to their banking details as well.
These types of scams rely on the victim’s anxiety, which makes victims less likely to notice otherwise obvious signs of fraud.
“Phishing attacks and other scams often exploit emotions to get people to react quickly and without thinking things through,” Erich Kron, security awareness advocate at KnowBe4, explained. “This new COVID-19 variant has some significant emotional weight for people who are tired of lockdowns and the continuing impact of the pandemic, making it a powerful tool to get people to click.”
The watchdog expects more Omicron variant-based phishing scams to surface in the weeks to come and has submitted its discoveries to the NCSC (National Cyber Security Centre).
Protect Your Business From Phishing Scams With ATTACK Simulator
Phishing scams can be all the more devastating when scammers target businesses. Make sure you keep your company safe this holiday shopping season with robust security awareness training for your employees.
- To prevent cyberattacks and breaches
- To strengthen your technological defenses
- To attract more customers
- To make you more socially responsible
- To empower your employees
- To meet compliance standards
- To prevent downtimes and maintain a good reputation
Our realistic phishing simulations will expose your employees to life-like hands-on fake phishing attacks.
Here are some awesome perks of choosing us:
- Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
- Real-life scenarios – we evaluate users’ vulnerability to giving away company-related or personal data using realistic web pages.
- User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
- Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
- Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
- We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.
ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irremediable damage.
Source: Threatpost, “Omicron Phishing Scam Already Spotted in UK”