Omicron Phishing Scam Already Spotted in UK

Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.

The global pandemic has provided cover for all sorts of phishing scams over the past couple of years, and the rise in alarm over the spread of the latest COVID-19 variant, Omicron, is no exception.

As public health professionals across the globe grapple with what they fear could be an even more dangerous COVID-19 variant than Delta, threat actors have grabbed the opportunity to turn uncertainty into cash.

U.K. consumer watchdog “Which?” has raised the alarm that a new phishing scam, doctored up to look like official communications from the National Health Service (NHS), is targeting people with fraud offers for free PCR tests for the COVID-19 Omicron variant.

Infosec Insiders Newsletter

The Centers for Disease Control (CDC) and the World Health Organization WHO) list Omicron as a “variant of concern” of the COVID-19 virus, and warned this week that it’s spreading rapidly around the world. Public-health officials aren’t sure yet how effective current vaccines and other mitigation strategies will be against the mutation, according to CBS News.

Once again, global pandemic distress has presented an opportunity for scammers.

Omicron Anxiety Fuels Scam

Sent by text, email and even offered over the phone, threat actors are contacting people across the U.K. offering them what they say are new test kits specifically designed to detect the Omicron variant.

“NHS scientists have warned that the new Covid [sic] variant Omicron spreads rapidly, can be transmitted between fully vaccinated people, and makes jabs less effective,” one phishing email discovered by Which? read. “However, as the new covid [sic] variant (Omicron) has quickly become apparent, we have had to make new test kits as the new variant appears dormant in the original tests.”

Besides giving false information, the email is littered with grammatical errors. But, should a victim click on the link at the bottom of the correspondence, it takes the person to a fake NHS page that asks for full name, date of birth, address, phone numbers and email address.

In addition to harvesting personally identifiable information (PII), the site also asks for a £1.24 as a delivery fee and mother’s maiden name, giving the scammers access to the target’s banking information as well.

This, and other pandemic-related phishing campaigns, rely on the victim’s anxiety to cause them overlook obvious signs of fraud.

“Phishing attacks and other scams often exploit emotions to get people to react quickly and without thinking things through,” Erich Kron, security awareness advocate at KnowBe4, told Threatpost. “This new COVID-19 variant has some significant emotional weight for people who are tired of lockdowns and the continuing impact of the pandemic, making it a powerful tool to get people to click.”

The watchdog has submitted its findings to the National Cyber Security Centre (NCSC), but warned that other similar Omicron bait is likely to surface over the next several weeks — so consumers should be on alert.

COVID-19 Phishing Frenzy

Last year, when COVID-19 vaccines began rolling out, one analysis from Barracuda Networks found between October 2020 and last January, the average number of vaccine-themed spear phishing attacks grew by 26 percent.

By May, the U.S. Attorney’s Office and the Department of Homeland Security shut down a scam site targeting immigrant communities with vaccine-related phishing scams.

Besides vaccine lures, the pandemic has inspired spear-phishing campaigns offering fake COVID-19 relief checks and even job opportunities for those left unemployed by widespread shutdowns. Even people who held onto their jobs were targeted once they returned to work, with scam emails purporting to offer new office COVID-19 protocols. They instead stole their login credentials.

Users should be cautious about almost any unsolicited communication relating to COVID-19. Anyone who received one of these scam Omicron PCR test emails is advised by Which? to forward it via report websites to the NCSC.

There’s a sea of unstructured data on the internet relating to the latest security threats. REGISTER TODAY to learn key concepts of natural language processing (NLP) and how to use it to navigate the data ocean and add context to cybersecurity threats (without being an expert!). This LIVE, interactive Threatpost Town Hall, sponsored by Rapid 7, will feature security researchers Erick Galinkin of Rapid7 and Izzy Lazerson of IntSights (a Rapid7 company), plus Threatpost journalist and webinar host, Becky Bracken.

Register NOW for the LIVE event!


Suggested articles