The UK consumer watchdog – Which? has detailed a new phishing campaign based on the new COVID-19 variant, Omicron.
The ongoing campaign targets people in the UK, fake offering them free checkup kits from NHS for testing the Omicron variant. It’s aimed at stealing the PII of people, and also collecting petty payments for delivering the kits, thereby stealing their bank details too.
Omicron Based Phishing Campaign
Last week, many health institutions including the World Health Organization have declared that COVID-19’s new variant – Omicron is a concerning matter. It’s subjected to spread rapidly than previous variants and has more impact on society if not properly handled.
This drove people crazy, and make up their minds for the next big wave of lockdown. As they fear their lives yet again, scammers are leveraging this situation to cash on their fear. As Which? the UK’s consumer watchdog reported, there’s a new phishing campaign based on the Omicron variant in wild.
Targeted as the UK people, the phishing campaign starts with an email, SMS, or over a phone call, where the scammer triggers fear in unsuspecting people about the Omicron variant and asks them to reveal sensitive details for testing kits from the NHS.
A sample email shared by Which? read as
“NHS scientists have warned that the new Covid [sic] variant Omicron spreads rapidly, can be transmitted between fully vaccinated people, and makes jabs less effective. However, as the new covid [sic] variant (Omicron) has quickly become apparent, we have had to make new test kits as the new variant appears dormant in the original tests.”
This may trigger the target to quickly act upon and click on links embedded within. Once did, it’d take them to a phishing page similar to NHS, asking for details like full name, date of birth, address, phone numbers, and email address for registration.
Besides the PII, they also ask the person to pay a small fee of £1.24 and mention their mother’s maiden name for delivering the kits. While they don’t really deliver any kits as said, they instead steal the PII and banking details of the victim!