Search

Further warnings of vaccine scam notifications

We’re once again reminding people to be mindful of Covid-19 vaccination scams after the BBC published a case study of how a recipient of an official-looking email very nearly got scammed.



The BBC reported that Sioban Moore, from North Yorkshire, avoided being duped by the slightest of margins after receiving an email, supposedly from the NHS, inviting her to get her jab.


Sioban has been helping to drive people to hospital appointments and collect shopping for people during the pandemic. And because of her volunteering work with vulnerable people, she had been expecting her vaccination appointment notification.


"I was very keen to accept the invitation," she told BBC Radio 4's You and Yours.

The message told her that unless she responded within 12 hours, the opportunity would be passed on to someone else. Not wanting to miss out, Sioban clicked on the link in the email and accepted the invitation.


Her personal details were then requested, including date of birth, phone number, email address - and most frightening of all - her bank details.


The scammers said the inclusion of her bank details was to cover any costs that might be incurred by the vaccine process.


"I got up and went to my purse and got out my credit card. I looked at it and the penny dropped massively," she said.


Luckily, Sioban realised it was a fraud just in the nick of time and thankfully, no money left her account. But numerous people have not realised this is a scam and have parted with cash.



A BBC Freedom of Information request discovered that between 1 December 2020 and 25 June 2021, 1,168 reports were received by police forces across the UK of Covid vaccine-related scams - that's double the number for the previous six months.


These scams led to the loss of at least £388,468.44 from victims.


But worryingly, these are only the figures of reported cases recorded by Action Fraud, and it’s thought that the actual figure could be substantially higher.


"I felt such boiling anger," Sioban says. "It's exploiting people's vulnerability and fear, particularly fear, that we are all gripped by due to this virus and the situation we are in.


"I was so angry that this could happen - not least with myself for nearly being taken in."


As we’ve reported before, fraudsters will often send a text or an email claiming to be from the NHS asking for personal details like your name, address, date of birth, and phone number - or as in Sioban's case - mother's maiden name.


This information will then be used against you. The same people will call you pretending to be from your bank and will ask whether you were sent a text or emailed about a Covid-19 vaccine.


When you say yes, they - still claiming to be your bank - tell you that your account is under attack and your money should be moved into a safe account they will set up for you. This is when they steal your money.

The BBC spoke to Sarah Lyons, from the National Cyber Security Centre (NCSC), about these scams.


"Unfortunately criminals are taking advantage of the pandemic to try to make money out of all of us. We see them using a huge variety of methods, such as the email with links, or text messages and phone call - these phishing attacks."


There are ways to protect against these scams. If you suspect that you have received a phishing email, then forwarding the email to report@phishing.gov.uk will send it into the system of the NCSC.


If it is found to be malicious, then it will be blocked or taken down. If you receive a text, forward it to 7726.


Ms Lyons said that since the email reporting service was launched just over a year ago, they had received more than six-and-a-half million email reports from the public.


These have led to more than 50,000 scams being blocked and 97,000 scam URLs being brought down.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.