Scammers exploit Omicron fears in new COVID‑19 phishing campaign

Sensing another opportunity to take advantage of fears surrounding the COVID-19 pandemic, scammers are deploying a phishing campaign where they attempt to exploit the emergence of the Omicron coronavirus variant in order to line their pockets, warns British consumer watchdog Which?.

In an email obtained by Which?, the fraudsters pose as the National Health Service (NHS), the United Kingdom’s national healthcare provider, and offer potential victims a chance to get a “Free Omicron PCR test” that will help them avoid pandemic-related restrictions introduced recently by the British government. The email also deceptively claims that the new variant isn’t detectable by test kits used for previous COVID-19 variants and a new test kit has been developed for that purpose.

In fact, multiple versions of the email are doing the rounds, with one containing a link, while in another the link is accessed by a button. In either scenario, you would be redirected to a faux copycat NHS website that requires you to fill out a form requesting your full name, date of birth, address, mobile, and email address – basically all the information a scammer would need to pull off a pretty convincing case of identity theft and fraud, leaving the victim’s finances in shambles.

Oddly enough, while it does advertise the test as free, the website requests a delivery fee of £1.24 (US$1.64). And for good measure it gives you the option to provide your mother’s maiden name as a security question – an approach that is actually still used to help users secure their online accounts. In case victims do get duped and fill out the form, they have effectively provided the scammers with a blueprint to committing identity theft and fraud. Which? has reported the website to the UK’s National Cyber Security Centre.

Scammers eagerly switch to the topic du jour in a quest for people’s sensitive data and hard-earned money, so the fact that they’re taking advantage of the latest developments in the COVID-19 crisis is no surprise.

To avoid falling victim to similar scams, consider following these steps:

If you received an email that claims to be from an official organization, check the organization’s website and contact them using their official contact information to confirm whether they really sent that message.
Don’t click on links or download files that you received in an unsolicited email from a source you don’t know and cannot independently verify.
Use two-factor authentication (2FA) at least on your most important online accounts, as well as reputable multi-layered security software with anti-phishing protection.

Besides deploying a range of COVID-19 vaccine-related scams, criminals have also taken aim at various pharmaceutical companies and governmental organizations involved in the vaccine development, approval and deployment process. They have compromised an Oxford University research lab that conducts research into ways to combat the virus and stolen documents from the European Medicines Agency, to name just a few campaigns and incidents in the past almost two years.