Bogus text messages that ask people to input their bank details to register for a vaccine have been circulating across the region.
Fraudsters are sending fake NHS text messages in an attempt to steal personal and financial information.
According to our colleagues at Derbyshire Constabulary, the text offers a link to an "extremely convincing" fake NHS website where people are asked to input their bank details to register for a COVID-19 vaccine.
They also say cold callers are asking people to pay for the vaccine over the phone. This is clearly a scam as the COVID vaccines being rolled out in the UK are free.
Our friends at East Midlands Special Operations Unit (EMSOU) are advising people to look out for these five key trends:
Fake URL links claiming to redirect you to GOV.UK website to claim relief payments.
Lockdown fines suggesting you have breached government regulations.
Offers of health supplements that will prevent you from being infected.
Financial support that appears to be from your bank.
Fake text messages claiming to be from the NHS advising individuals that they are eligible to apply for vaccine, but requiring sensitive data such as financial information to make a payment.
Do your staff know how to spot a phishing email? Our training course explains what they should look out for
What does the text say?
A spokesperson for Derbyshire Constabulary said: "The scam message reads 'we have identified that your are eligible to apply for your vaccine' and then prompts you to click on a link for further information or to 'apply' for the vaccine.
"If you receive a text or email that asks you to click on a link or for you to provide information, such as your name, credit card or bank details, it's a scam."
It's not the first time this scam has been attempted since the start of the vaccine roll-out.
In late December, Sussex Community NHS Foundation Trust issued a similar warning about fraudulent phone calls and messages.
What can you do about these messages?
To protect yourself and those close to you, EMSOU have issued the following advice:
Keep abreast of the news: As awful as it may seem, knowledge of attack methods and techniques will hone the ability to separate fact from fiction.
Never click links within emails or text messages: Links take you to fake websites.
Never call back using an unrecognised SMS phone number: This could lead you to speaking directly with a criminal or criminal organisation.
Use official channels: For example, use GOV.UK to find relevant information about COVID support and support services. Once the official communication channels are known you can verify information and find out what the next steps are.
Guard your data: A legitimate organisation won’t make unsolicited requests for sensitive information or payments. For example, the vaccine is only available on the NHS for free to people in priority groups. Use the official NHS app only available from Google Play or Apple Store for more.
Don’t give into pressure: If someone tries to coerce you into giving them sensitive information, end the conversation.
Watch your digital footprint: Cyber criminals will use social media accounts and relevant websites to research you and make their scams more effective. Request the removal of unnecessary information and check your privacy settings for every account.
Further advice on dealing with suspicious emails, phone calls and text messages can be found here.
Please report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to firstname.lastname@example.org. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).
The contents of this blog provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.
EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.