A new text message scam is targeting people’s credit card details by posing as the NHS and asking for payment in order to create a Covid Pass, experts have warned.
Cybersecurity firm Malwarebytes has published details of the scam and urged the public to be wary of text messages containing links and asking for payment details.
It follows a spike in fraudulent messages from cybercriminals posing as parcel delivery firms during lockdown and coinciding with the rise in online shopping, with the alerts claiming a small processing fee is needed to be paid in order to release a package for delivery.
This latest scam involves a text message containing a link to a website mimicking the official NHS website, which asks users to input the exact name registered with their GP surgery, as well as their home address.
An NHS Covid Pass or vaccine certificate is used to show a person has had both doses of a coronavirus vaccination and are available to everyone in the UK through the official NHS app or website and does not require any payment.
They can be used to gain entry into domestic venues asking for proof of vaccination as well as for overseas travel.
“This attack is aimed at residents of the UK. It makes use of social engineering in a similar fashion to other pandemic-themed SMS texts, with a strong psychological aspect tied in for good measure,” Malwarebytes said in a blog post on the scam.
“It’s important to note that the UK does have an actual Covid Pass system in place. There’s a proper process in place, and it doesn’t involve handing money over to random websites. It’s also worth noting there’s been a number of other scams along these same lines.
“Should you receive one of these text messages, you can safely ignore it and report for spam while you’re at it.”