About the last few years, the global pandemic has given cover for a variety of phishing schemes, and the spike in anxiety over the spread of the current COVID-19 version, Omicron, is no exception.
Threat actors have seized the chance to turn doubt into revenue as public health officials around the world deal with what they believe will be an even more lethal COVID-19 version than Delta.
A new phishing scam, doctored up to seem like official emails from the National Health Service (NHS), is targeting consumers with fraud offers for free PCR testing for the COVID-19 Omicron variation, according to the UK consumer watchdog “Which?”
Omicron is a “variant of concern” of the COVID-19 virus, according to the Centers for Disease Control (CDC) and the World Health Organization (WHO), who warned this week that it is spreading fast throughout the world. According to CBS News, public-health authorities are unsure how effective current immunizations and other mitigating efforts will be against the mutation.
Scammers have taken advantage of worldwide pandemic anxiety once again.
Scam Fueled by Omicron Anxiety
Threat actors are approaching people throughout the United Kingdom by text, email, and even over the phone, claiming to have new test kits particularly tailored to identify the Omicron version.
According to one phishing email obtained by Which?, “NHS experts have warned that the new Covid [sic] variant Omicron spreads quickly, may be passed amongst fully vaccinated persons, and renders vaccinations less effective.” “However, we have had to develop fresh test kits since the new covid [sic] variation (Omicron) has soon become obvious, as the new variety seems inactive in the earlier tests.”
The email is riddled with grammatical faults in addition to providing misleading information. If a victim clicks on the link at the bottom of the email, they will be sent to a phony NHS website where they will be asked for their complete name, date of birth, address, phone numbers, and email address.
In addition to collecting personally identifiable information (PII), the site requests a £1.24 delivery fee and the victim’s mother’s maiden name, giving the fraudsters access to the victim’s banking information.
This phishing attempt, like others linked to the pandemic, relies on the victim’s fear to make them miss evident symptoms of fraud.
“Emotions are frequently exploited in phishing assaults and other frauds to get people to respond impulsively and without thinking things through,” said Erich Kron, security awareness advocate at KnowBe4. “For those who are tired of lockdowns and the pandemic’s ongoing effect, this new COVID-19 variation has enormous emotional weight, making it a potent instrument to induce people to click.”
The watchdog has reported its findings to the National Cyber Security Centre (NCSC), but has cautioned that more Omicron bait is expected to appear in the coming weeks, so consumers should be on the lookout.