The appearance of the Omicron COVID-19 variant is being rapidly exploited by phishing actors, who now use it as bait in their malicious email operations. Threat actors adapt quickly to the newest trends and popular issues, and instilling fear in individuals is an effective way to get them to open an email without thinking it through first.
In this case, the Omicron variant is a new COVID-19 strain that has experts worried about its high transmissibility and the possible ineffectiveness of current vaccinations against its mutations. This makes it a perfect phishing lure, since even those who are vaccinated are concerned about how Omicron would affect them in the event of an infection.
The UK’s consumer protection organization ‘Which?’ disclosed two instances of new phishing emails that purport to be from the United Kingdom’s National Health Service (NHS) and warn about the new Omicron variant. These emails promise recipients a free Omicron PCR test that will enable them to get around restrictions. The fraudulent address used to distribute these emails is ‘firstname.lastname@example.org’, which lends the emails credibility.
If recipients click the linked “Get it now” button or tap the URL in the email body, they are sent to a counterfeit NHS website that claims to provide the “COVID-19 Omicron PCR test”. The victims are then asked to give their full name, date of birth, mobile phone number, home address, and email address. Finally, they are asked to pay £1.24 ($1.65), which is meant to cover the cost of delivering the test results.
The goal is to steal the victim’s payment information, such as their e-banking passwords or credit card details, rather than the money itself. The victim is also asked to submit their mother’s name at this stage, which the actors might exploit to get past security questions during a second account takeover attempt.
If you suspect you’ve entered your information on a bogus website, call your bank right away and cancel any compromised cards or accounts. Monitor your bank accounts and scrutinize the transactions for any indications of fraudulent activity. If you get a questionable email, please report it to “email@example.com.” Report smishing messages by sending them to 7726.