Just as you thought that cybercriminals had exploited every aspect of the pandemic with phishing, vishing, smishing and more, there are now warnings to beware of fake contact tracer messages.

Contact Tracing in the UK

Here in the UK, NHS contact tracers are now contacting those persons who are believed to have been in close contact with those who have tested positive for COVID-19.  The system works by those who test positive filling in a form (while they are well enough to do so) detailing where they have been plus when and who they have been in contact with.  From there, the NHS tracer contacts those who are believed to have been in close contact (via phone or text) and asks them to self-isolate for 14 days, the period by which symptoms of an infected person should have shown. Close contact is defined as face-to-face contact/close proximity for more than 15 minutes. 

This contact tracing service has been put into place before the app, which is designed to automatically do the same thing but has not been released yet.

Scam Messages

The type of scam messages that have already been observed by many people was highlighted by Stuart Fuller, Chairman of Lewes Football Club.  On his Twitter page, Mr Fuller shared a screenshot of a text message from the fraudsters and warned that such messages are not genuine and that clicking on the link in the message would lead to a phishing page.

The screenshot showed a text message which had a recommendation for the recipient to self-isolate because they had been in contact with someone who had tested positive for or showed symptoms of COVID-19.  The message included a link to follow for the recipient to get more information.

How?

On his blog, ethical hacker Jake Davis highlights how the problem with the UK government using SMS during COVID-19 is that people are more vulnerable than ever to fake information and SMS messages can easily be made to look as though they come from the government.  In a blog post, Mr Davis says that making an SMS message appear to come from the government is as simple as inserting “UK_Gov” instead of some digits as the sender.

What Does This Mean For Your Business?

This and other similar types of smishing and phishing attacks are predicted to increase this year, and their success and prevalence is a sign of how vulnerable the COVID-19 outbreak it makes people feel, and how their search for and emotional reactions to information about health and financial matters are playing into the hands of criminals who are happy to exploit anyone.  Companies and organisations need to educate their staff about the threat, while businesses and individuals need to be vigilant and cautious about any unusual SMS messages or unsolicited phone calls, particularly those that offer rewards, create panic, warn of unpleasant consequences, or apply a feeling of pressure to act. Bear in mind that it is relatively easy to fake the source of a text message and although receiving such a message may at first be a shock, it is worth checking that the supposed government/NHS SMS is genuine before thinking about clicking on any links.