The Chartered Trading Standards Institute (CTSI) has revealed evidence of an SMS phishing scam, warning the victim that “Someone who came in contact with you tested positive or has shown symptoms for Covid-19 & recommends you self-isolate/get tested.”
The message contains a link to a bogus website which asks for the personal details of the user. Scammers may use the information to gain access to bank accounts and commit other forms of identity fraud.
With the NHS currently trialling a new contact-tracing app in the Isle of Wight, this is particularly concerning news.
Mollie MacDougall, threat intelligence manager at Cofense commented: “Across the world, people’s lives have been profoundly changed by the spread of Covid-19. For cyber criminals, the pandemic sadly presents a new wave of opportunity, as evidenced by the explosion of Coronavirus-themed phishing attacks over the last three months. This example is particularly malicious and abhorrent, given that it plays on the NHS’ new contact-tracing app, which could potentially be rolled out to a huge percentage of the UK.
This example of SMS phishing will almost certainly be the tip of the iceberg for threat actors abusing the contact tracing app narrative for malicious intent, and the targeting of enterprises and individuals using this theme will likely increase.
As the impacts of COVID-19 unfurl, so too do the phishing themes. Just last week we found phishing emails aimed at business, claiming that a colleague had passed away or fallen ill as a result of Coronavirus, aiming to harvest users’ passwords and personal information through a malicious attachment. This is one of several themes related to the pandemic. Threat actors are willing to go to any psychological length to attract their victims, but it is important to exercise the utmost caution and restraint in the face of emotionally jarring emails or text messages. Be aware of the fact that phishing scams are abundant, and if something about a message seems off, remember that it very likely is.”
Scams related to the coronavirus pandemic have increased in March, and Action Fraud reports that COVID-19 scams stole over £2 million during this time. Consumer protection experts fear that more scams themed around the contact tracing app will appear once it is released nationally.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/