Tuesday 5 January 2021 2:39 pm

Police issue warning over scam Covid-19 vaccine text message

Police have issued an urgent warning over a scam text message telling Brits they are eligible to apply for the Covid-19 vaccine.

The fake message, which purports to come from the NHS, reads: “We have identified that your [sic] are eligible to apply for your vaccine.” 

It then prompts recipients to click on a link for further information or to apply for the vaccine.

The link leads to an “incredibly convincing” fake NHS website, where fraudsters are attempting to coerce people into divulging personal or financial information.

In a statement today Derbyshire Constabulary urged people to treat any text message containing a link with caution.

“If you receive a text or email that asks you to click on a link or for you to provide information, such as your name, credit card or bank details, it’s a scam,” it said.

The fraudulent text is the latest example of unscrupulous scammers attempting to capitalise on the Covid-19 pandemic.

Fraudsters have also started cold calling unsuspecting Brits and asking them to pay for the vaccine over the phone.

Police urged Brits not to open attachments or links from people they don’t know, never to divulge personal information without verifying the person is who they claim to be and to block any numbers that arouse suspicion.

Jake Moore, cybersecurity specialist at ESET, told City A.M. that text message scams — known as smishing — were particularly effective “due to the more authentic feel and lack of ways to verify than a traditional phishing email”.

“These messages usually come packed with an element of fear too which is meant to entice the victims into clicking the link without even a moment to think,” he said.

“The recipient will be a mobile number, or a few alphanumeric characters which often gives a sense of sincerity too as this would be what you might expect playing to the advantage of the fraudsters.”

Moore said people should study the URL in any text message, as this usually indicated whether or not the link was legitimate.