top of page

Covid Passports - potential scams to look out for

Covid-19 vaccine passports could be introduced in Northern Ireland on November 29, according to the Department of Health. Time, then, to warn of vaccine passport scams.

The news coming out of Northern Ireland is that their use will see people providing a passport or proof of a negative Covid test result to access venues like nightclubs, pubs and restaurants.

But where do you get one, how do you use it and when do you use it? Allow the BBC to explain that.

We’ve been made aware of a Covid Vaccine Passport scam email which purports to be from the NHS and informs recipients that they can apply for their “Digital Coronavirus Passports”

The email contains a link and recipients are encouraged to click on it for details of how to obtain a passport. Clicking on this link takes the user to a convincing but fake NHS website that asks for personal details and payment details for an admin fee.

The website has since been taken down, but with the news that Northern Ireland is likely to go ahead with these passports, the likelihood is that similar emails/websites will appear, so be mindful that, at the time of writing, the only way to get a legitimate document is to begin an application for a Covid certificate by setting up an account on the NI Direct website. If you do not already have one, this will require you to verify your identity with photo ID.

You must then download the COVIDCertNI app. Again, more information on obtaining a passport is available on the BBC website.

Although this news, at the current time, is specific to Northern Ireland, fraudsters could potentially try to capitalise on the uncertainty that still exists amongst many people. They will attempt to confuse people with authentic-looking emails and websites. Our advice is to wait for official announcements; keep an eye on the news and if you do receive an email you're unsure of, do not click the link, as it's likely to be a phishing scam. Seek further guidance on

Phishing scams can be reported to SERS (Suspicious Email Reporting Service):



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page