The NHS last week warned of “fake emails” asking people to order an “omicron PCR test” and asking for their bank details. Consumer group Which? also reported rogue sites charging fees for tests which can be obtained for free from the NHS.
Victims who click on the links are led to a sham NHS website and told to fill in their personal details so they can be tested and “avoid the restrictions”.
In one example targets of the scam were asked for security questions such as their mother’s maiden name, a detail which is commonly used in security checks when logging into financial accounts
Cifas said these details could then be used to hack into people’s accounts or for further financial crimes such as identity fraud.
The Department for Education warned that schools and parents were being targeted, as pupils prepare for mass testing on their return from the Christmas holidays in January.
The NHS said it would never ask for anyone’s bank account or card details, online banking passwords or login details, or copies of personal documents such as a passport, driving licence, bills or payslips.
It urged people to flag the messages to the National Cyber Security Centre.
The Government department shut down 442 phishing campaigns using NHS branding between September 2020 and August 2021, more than four times the number recorded in the previous year.