Latest Threat Research: Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks

Get Informed


UK Residents Targeted in COVID-19 Phishing Scam Pretending to be NHS

Recent reports reveal a new COVID-19 related phishing scam targeting vaccine eligible people in the UK. Emails claim to be from the NHS and falsely appear to come from the email address noreply[@] while the legitimate NHS domain is The subject contains lines that let the recipient know they’re eligible to be vaccinated. Recipients are asked to make a decision about being vaccinated, and regardless of their selection, they are brought to a fake domain that again asks them to make a decision. Similar to the email, regardless of the user’s decision they are then asked to input personal information such as name, mother’s maiden name, address, mobile number, credit card information, and banking information. If all these steps are completed, the browser refreshes to the legitimate NHS webpage. The NHS has made it clear that they will never ask for payment information and that the vaccine will be given free of charge to eligible candidates.

Analyst Notes

Although this scam mostly targets people living in the UK, it is very likely that similar campaigns will focus on citizens in the US and other countries soon. For individuals who may have fallen victim to one of these scams, the UK Information Commissioner’s Office suggests taking the following precautions:

• Report all lost or stolen documents, such as passports, driving licenses, credit cards and cheque books to the organization that issued them.
• Inform your bank, building society and credit card company of any unusual transactions on your statement.
• Request a copy of your credit file to check for any suspicious credit applications.
• Report the theft of personal documents and suspicious credit applications to the police and ask for a crime reference number.
• Contact CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you have registered you should be aware that CIFAS members will carry out extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.

Furthermore, additional phishing campaigns that take advantage of personal information accessed in the aforementioned COVID scam could be carried out. People living in the US should also inform their banks quickly if they have provided their personal identity information and bank account numbers to a suspicious website. If a Social Security Number (SSN) has been collected as well, it is important to report identity theft to the Social Security Administration and the Internal Revenue Service (IRS) to obtain an identity protection PIN for filing income tax returns.