Do you want a COVID-19 vaccine? If so, watch out – online email scams have been preying on the public’s desperation for a post-COVID life by creating false NHS emails promising to provide the vaccine if you, conveniently, provide your personal banking information. What a bloody nuisance.
The emails, which feature the subject line “Book an appointment using the NHS e-Referral Service – NHSVaccination”, popped up on 25th January 2021. They feature the NHS logo, the words “Test and Trace”, a blue banner – all the official bits – except they’re fake.
Emphasising the need for people to “book” both their first and second dose of the vaccine within a 12-hour window or lose out completely, the scam demonstrates the considerable lengths that have been taken to manipulate members of the public. Thousands of people have reported falling victim to COVID-19 vaccination email scams like this, or phishing emails, according to ActionFraud, the UK’s national reporting centre for fraud and cybercrime.
“Cyber crime has reached an all-time high with a huge increase in these types of scams,” says Stephen Burke, CEO of Cyber Risk Aware. “Cyber criminals prey on people’s vulnerabilities and in current times there is a lot of fear, panic and stress in the general population, putting people in an even more exposed position. Furthermore, there’s a great deal of confusion surrounding COVID-19, compounded by conflicting and constantly changing information. This uncertainty lends itself to many people being unsure of where to look for correct up to date advice and more likely to click on emails or text messages that appear to be from a trusted source like the NHS.”
So – the important question – how do you know an email is fake?
The first thing to notice is the email’s contact name. The majority of fraudulent emails about vaccinations will be sent under the name “email@example.com” or ‘“NHS - National Health Service”, which looks official but is not the actual email address of the sender. Instead, it’s the name – rather than the email address – of the contact sending the email. Click on the drop-down arrow next to the sender’s name and their email address will be revealed, highlighting whether the email is actually from the NHS or not.
It’s worth also noting that in examples of official NHS communication regarding vaccination, there has almost always been a reference to where the vaccination site will be or which NHS branch is administering the vaccine in your local area.
George Spender, 33, who received one of these phishing emails this week, says: “I treat every email with a dose of skepticism because I very nearly fell for a fake TV license email once. This one did look like a pretty good attempt at first but the sender address (in Japan?) gave it away. There were little typos, too. I didn’t click any links. My GP surgery has been sending me text updates about vaccinations so I was pretty certain this wasn’t legit."
If – after clicking the drop-down box next to the sender’s name – you’re still unsure, the most concrete way to know this is fraudulent is that these scammers always ask for money. Regardless of how official the website you’re on looks, if you’re being asked to hand over details then it’s a scam.
In a recent press release from the NHS informing the public of the dangers of scams, Dr Nikki Kanani, GP and NHS Medical Director for Primary Care, said “Remember, the vaccine will always be free on the NHS. Our staff will never ask for, or accept, cash for vaccines, never ask for your banking details or identity documents, and will never come around to your house unannounced.”
In a statement to VICE, Cabinet Office Minster Julia Lopez of the Department of Health and Social Care said: "Vaccine scams are callous and despicable so it's vital people understand that the NHS will never ask for cash or financial details to pay for the vaccine or verify a patient’s identity.
“Throughout the pandemic, fraudsters have adapted their methods to take advantage of COVID support schemes and exploit vulnerable people when they feel at their most anxious.
“We would encourage the general public to contact ActionFraud, the National Cyber Security Centre or Crimestoppers if they feel they have been a victim of fraud.”
The National Cyber Security Centre (NCSC) are asking anyone who believes they have received a fraudulent email to report it to it’s Suspicious Email Reporting Service by forwarding the vaccination email to firstname.lastname@example.org which will help prevent future victims of this crime.
If you think that you have been a victim of fraud contact ActionFraud as soon as possible on 0300 123 2040 or visiting www.actionfraud.police.uk.