Omicron Phishing Campaign Hits User Inboxes

Online fraudsters have reacted quickly to news of a potentially new severe COVID-19 variant, with a carefully crafted phishing email campaign, according to observers.

Consumer rights group Which? spotted the email, which is designed to appear as if sent from the NHS, and urges recipients to get a new PCR test for the Omicron variant.

Two separate versions of the same email feature a link and a legitimate-looking “get it now” button.

“The fake email was also sent to a Which? member from ‘NHS Customer Service’ using the email address ‘contact-nhs[AT]nhscontact.com.’ This email address may seem authentic, but it has nothing to do with the genuine NHS,” Which? explained.

“As well as falsely claiming that the new COVID variant requires new test kits, the email invites readers to visit the site shown in the above image. But clicking the link takes you to the true web address – ‘healt-service-nh.com’ — which is a copycat of the NHS website set up just days ago.”

The phishing site then asks users to enter their full name, date of birth, address, mobile number, and email address, as well as their mother’s maiden name – which scammers could use to craft follow-on identity fraud attacks.

It also asks for a small payment of £1.24 for ‘delivery’ – presumably, if users proceed with this they will also have their bank card details stolen.

Which? reported the scam to the National Cyber Security Centre’s Suspicious Email Reporting Service, which has been incredibly popular during the pandemic.

According to the NCSC, it accrued 5.9 million reports over the past year, leading to the removal of more than 53,000 scams and 96,500 malicious URLs.

At the height of the first wave of the pandemic, in April 2020, Google claimed to be blocking over 240 million COVID-themed spam messages each day and 18 million malware and phishing emails.