Back when Covid-19 had started spreading around the March of 2020, we had already expressed our disgust at how cybercriminals will exploit any current event no matter how tragic or globally impacting. The Covid-19 phishing attacks were proof that hackers are always set to pounce at whatever opportunity they can get, no matter how humbling or disturbing the scenario. Now, as news of Omicron phishing attacks breaks out, we are once again assured that businesses and citizens have to be constantly on their toes to prevent cybercrime.
UK’s NHS Exploited for Omicron phishing scams
Earlier, when the coronavirus was still mysterious and highly dangerous, health organizations like WHO and CDC were targeted for phishing. Now we are seeing similar patterns as Covid-19 variant, Omicron, has started infecting masses across the globe.
UK’s National Health Service (NHS) is now under the radar of brand impersonators and phishers. Victims have already started getting emails from NHS ids that promise free PCR tests for the Omicron variant.
According to UK’s watchdog Which? these Omicron phishing attacks have started reaching people in the UK. The means of spreading the phishing links are email, text, and even voice calls. The ruse this time? These hackers supposedly have advanced medical test kits, which are especially capable of detecting Omicron infection.
Here’s some of the content from emails sent as part of the Omicron phishing scam:
“NHS scientists have warned that the new Covid [sic] variant Omicron spreads rapidly, can be transmitted between fully vaccinated people, and makes jabs less effective. However, as the new covid [sic] variant (Omicron) has quickly become apparent, we have had to make new test kits as the new variant appears dormant in the original tests.”
At the bottom of the error-ridden communication, is a phishing link that navigates to a fake NHS page. This page requests for user information like full name, DoB, address, contact details, and email address.
Besides stealing this personal information, the spam NHS site also demands a payment of 1.24 pounds as a delivery commission, along with the victim’s mother’s maiden name. This gives the hackers access to their victims’ banking details too.
This is a classic case of relying on chaos and anxiety to slip in phishing attacks.
“Phishing attacks and other scams often exploit emotions to get people to react quickly and without thinking things through,” Erich Kron, a security awareness advocate said. “This new COVID-19 variant has some significant emotional weight for people who are tired of lockdowns and the continuing impact of the pandemic, making it a powerful tool to get people to click.”
Which? has alerted the National Cyber Security Centre (NCSC) in UK to these Omicron phishing attacks but it is widely expected that phishing scams related to this Covid-19 variants will continue and become more dangerous as Omicron starts affecting more people.
Citizens should be on high alert and be wary of all communication about Covid-19 or its variants. Always cross-check with presiding medical and organizational authorities before giving in to the urge of knowing more about the variants or protecting yourself against it. Anyone who received the fake Omicron PCR test mails should report it to NCSC so the cybersecurity unit has more live data to work with.
Why is email delicate in such situations?
Although vishing and smishing are used to bait victims, email phishing remains the most widely used means of perpetrating cyber scams. Protect your email with the right tools and avoid getting into the mess of phishing scams and cyber fraud.
At a personal level, use caution while dealing with any Omicron-related emails, and look for obvious mistakes in digital communication like grammar, spelling etc. Also, hover over links to find out the actual target location, which can easily be masked with a harmless link text.
From an organizational perspective, your best bet to stay safe from Omicron and other phishing campaigns by investing in a security tool that will automate your email security for you.
Another tool in your arsenal is a deep and clear understanding of how phishing scams work, so you can spot one from miles out. Our guide on phishing prevention has got you covered.