The first Omicron COVID-19 scam email was spotted in the UK late last week, December 3rd. Cybercriminals are quick to adjust their tactics to reflect the latest hot topics, and increasing fears is a good way to cause people to open an email without thinking it through first.
The Scam
The criminals posed as the UK’s National Health Service (NHS) warning about the new Omicron variant and offering a free Omicron PCR test.
If the user clicks on the ‘Get it now‘ button, they are taken to a fake NHS website.
On this fake site, users are requested to enter personal details to claim their free PCR test – full name, date of birth, home address, phone number, and email address. This information will be used by the cybercriminals to try to access your accounts and/or sold to other criminals.
Next, users are directed to make a payment of £1.24, which is supposed to cover the postage for the test. To make the payment, users will enter their e-banking information or credit card details. The purpose of the payment is not to steal the small sum of money (although a nice little bonus for the scammers nonetheless) but for stealing the banking information.
Adding insult to injury, the victim is also asked to provide their mother’s name during this payment step. Your ‘mother’s name’ is a common answer to the secret questions that provide added security to many people’s online accounts. With the answer, the scammers could use it to bypass your security questions during a separate account takeover attempt.
Would you or someone you know fall for this phishing attack? The key to protecting yourself is to think before you click.
PC Corp Security Awareness Training is offered as part of our Managed Services Programs. The training arms you with knowledge of the latest cyber threats, and the knowledge and defense tactics to help fight them off to keep you and your business safe. Talk to us for more information on Security Awareness Training.
Source KnowBe4.com