Industry News

Cybercriminals Impersonate UK’s National Health Service to Spread COVID-19 Vaccination Phishing Emails

Fraudsters impersonating UK’s National Health Service (NHS) are actively exploiting the COVID-19 vaccination campaign to dupe citizens into providing their personal information through various phishing emails.

The campaign seems to have started on January 25, as seen in the scam recipients’ multiple Twitter posts.

In one version of the phishing email, users are asked to confirm or reject the coronavirus vaccination by accessing the appropriate link.

Regardless of what they may choose, the links direct them to a fake NHS page that asks for personal information such as your name, ‘mother’s maiden name, home address, date of birth, phone number and even credit card details.

“I got this via email. It looks very real, and so does the site that it takes you to”, one Twitter user said. “BUT they ask for bank card details! This is so difficult especially when we read we may be contacted to book via email, text or letter.”

NHS COVID-19 phishing email

Although the email layout may seem legitimate, another user pointed out a red flag, noticing a suspicious email address added in the email’s CC field.

“My wife just received this,” he said. “Can’t believe people are using This method at a time when people feeling so anxious to get a vaccine jab. It looked very legit until we saw the email address in the CC list.”

The NHS was quick to respond to news regarding the fraudulent emails, assuring the population that the COVID-19 vaccine is free of charge.

The agency also provided a checklist for spotting the scam, explaining that citizens are not required to apply for the vaccine or share any documents that prove their identity including, copies of passports, driver’s license, bills and bank details.

Despite public awareness campaigns advertised by UK government agencies, some citizens have already fallen victim to scammers, providing personal and financial information via fraudulent online forms.

Assuming that any provided information will fuel identity theft and fraud-related crimes, victims should notify the appropriate UK government agencies and police. Report any stolen documents to the organization in charge of issuing your credit cards, driver’s license, or passport. Review your credit card statements and bank accounts for any fraudulent charges.

About the author

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.