'COVID Pass' Scam

In the wake of the still rampaging COVID pandemic, our daily lives suffered tremendous changes. With the advent of remote work and having to go down through one or more periods of lockdown, people became more and more reliant on online services and the delivery of products. However, one group of people saw these new developments and decided to exploit them for their personal gains. As a result, there have been countless tactics and phishing campaigns that have used the deadly disease as a lure to trick unsuspecting users.

One of the latest such schemes detected by infosec researchers is targeting UK residents. The attackers employ similar social-engineering tactics, like all the other pandemic SMS schemes. The distribute bait messages convincing the targets to open the provided link. The address of the site includes HTTPs to have the padlock icon, giving it a boost in legitimacy. However, keep in mind that the padlock by itself doesn't mean you can trust the particular website.

Once there, the targets are shown a page that imitates closely the official NHS Covid Pass website. However, the fake site asks for all sorts of personal information through multiple different pages. Users are told to provide their date of birth, postcode, and address where the supposed Covid pass credentials will be delivered. Of course, here is the twist, the fraudsters state that the sum of £4.99 must be paid for the fake Covid Pass application to be processed. Naturally, the real official Covid Pass system doesn't require users to send money to random websites.

Receiving unexpected messages should always ring some alarm bells. Look for discrepancies on the linked sites and never provide personal or banking information to even slightly suspicious pages.