Hacker News
Phishing Campaign Targets UK Citizens Who Wish to be Vaccinated Against COVID-19

It’s no surprise that threat actors would take advantage of the current worldwide situation and come up with a tailor-made scheme. This time, with everyone’s anxious rush to get vaccinated against COVID-19, some hackers began a phishing campaign in the UK to target victims who want to get themselves in line faster.
Many UK citizens received emails that pretend to be from the UK’s National Health Service (NHS) and say that they’re eligible for COVID-19 vaccinations. This would sound appealing to many, as people worldwide want to receive their vaccinations and return to normalcy as soon as possible. For UK readers, kindly note that the email comes from noreply@nhs.gov.uk, while the NHS only uses nhs.uk. Note the clever addition of “.gov” to the domain to convince people that the email is still from the government.
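The sender-domain difference described above can be checked mechanically. The following is an added example, not code from the NHS or from the original article; the function names are hypothetical, the trusted domain is the one the article states, and treating subdomains of nhs.uk as trusted is an assumption.

```python
from email.utils import parseaddr

# Per the article, genuine NHS mail comes only from nhs.uk.
TRUSTED_DOMAIN = "nhs.uk"
# Brand string an impersonator is likely to reuse. Substring matching is a
# triage signal only and can false-positive on unrelated names.
BRAND_LABEL = "nhs"


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From header, or '' if unparsable."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    # Exact match or a true subdomain (assumption: subdomains are trusted).
    # A bare endswith("nhs.uk") would wrongly accept "evilnhs.uk".
    if domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    # Brand appears in a DNS label or the display name, but the domain is
    # not under nhs.uk: the pattern the article describes.
    labels = domain.split(".")
    if any(BRAND_LABEL in label for label in labels) or BRAND_LABEL in display.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers; only the first address appears in the article.
    samples = [
        "NHS Vaccination <noreply@nhs.gov.uk>",
        "noreply@nhs.uk",
        "billing@evilnhs.uk",
        "NHS <alerts@example.com>",
        "someone@example.org",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```

The From header is set by the sender, so a “trusted” result only means the displayed domain matches; it has to be combined with the receiving server’s SPF, DKIM and DMARC results before a message is treated as genuine.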
Recipients who decide to open the email and tap on the message will be brought to a fake NHS site, saying that they qualify due to family medical history and genetics, adding a dash of science to an already seemingly convincing email.
Clicking Accept or Reject will lead the user to a page requesting personal information such as complete name, date of birth, address and mobile number, as well as credit card and banking information. The latter would be useless to an agency such as the NHS unless they’re selling the free vaccine. And to provide a sense of assurance, after entering the information, the user will be directed to the real NHS site.
The NHS has already tweeted that the vaccine is free, meaning that any app or site that asks for financial information is a scam, and that any emails from the NHS would come exclusively from “nhs.uk” and not in any other form.
For people who have unfortunately become victims of the scam, it’s advised that they quickly inform their respective banks to lock or secure their bank and credit card accounts, to monitor those accounts and to contact CIFAS (the UK’s Fraud Prevention Service) to check if anyone has made any financial transactions on their behalf.
(NHS Tweet)