Fake vaccine emails giving people the needle

In the ongoing war against the fraudsters who continue to stoop to the lowest levels in exploiting the COVID-19 pandemic, there is no surprise that the vaccine is now being used as the hook to catch innocent victims. Emails similar to the one below are being sent in the latest attempt by scammers hoping to play on the fear, uncertainty and doubt that the pandemic has caused.

Action Fraud has received more than 1,000 reports of emails being received, with most including a call to action to confirm the appointment, which takes you to another website where personal and financial details are requested, an example of which can be seen on the left hand side. If you choose to ‘decline’ the invite then you will still be asked for your personal details so that you can be “removed from the list”.

The NHS do not charge for any of the vaccines and most people will receive an invitation for their first appointment by post, although some areas where local Medical Centres will send text or emails to those who have registered for such services.

Whilst you will be asked to bring ID with you to any appointment for the vaccine, there will never be a case where you have to submit this beforehand.

Unfortunately, technology has made it really easy for fraudsters to set up these scams. However, apart from the warning signs of the contact asking for personal and financial information, you can do some simple checks yourself to check the validity of any email or text you receive.

In the above instance, the domain name that resolves after following the link in the email is not registered to the NHS – it was in fact registered just a few days ago and the registrant details are hidden behind a privacy service run out of Panama. You only need to ask yourself whether a public body such as the NHS would choose to register a domain name like that to flag this may be a scam. Likewise, check the SENT FROM address in the email – not just the name of the sender, but clicking on that should reveal the sender’s details (although not always) which is often a gmail or hotmail address.

Whilst many of the emails will lack the look of authenticity, such as the example to the right, many others will be crafted to look almost identical to genuine messages that the NHS would normally send out. There may be some clues that all is not what it seems based on poor spelling and grammar (in the example to the right you can see the line “It then goes on to say” which wouldn’t be a sentenced used in the genuine email) but others may not be as badly written or edited.

Unfortunately, these attempted scams will just grow in number over the next few months whilst the vaccine is rolled out and we all need to play our part in being vigilant and not giving the fraudsters the opportunity to illicitly gain from their nefarious activity.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s