Scam of the Month: Beware of Fake NHS Email Profiting from PCR Tests

Updated: Jan 12

Just days after the first discovery of the new Omicron variant of COVID-19, fraudsters have been quick to take advantage of the opportunity to prey on the public’s fears and scam people out of their money.

A phishing email informing recipients to order a PCR test for the Omicron variant of Covid has been circulating in the UK. The email aims to trick victims to divulge their personally identifiable and financial information.




The phishing email features the NHS logo and informs recipients that the NHS has had to make new PCR tests due to the Omicron variant appearing “dormant in the original test kits”. The email then falsely claims that recipients must order an Omicron PCR test to avoid restrictions, and failure to do so will mean the recipient will have to isolate.

To order the Omicron test, the email advises recipients to click on the link included in the email.

If recipients click on the link, they are taken to a fake, but convincing, NHS branded website. The site encourages them to input their personal information, including full name, date of birth, address, mobile number, and email address. The landing page then claims that payment is required for the delivery of an Omicron PCR test. Recipients are requested to enter their card details, including card number, expiration date, and CVV code.


If a recipient enters their personal and financial details, fraudsters can use these to commit identity fraud, access the recipient’s bank account, or continue to target the recipient in the future with more scams.

This phishing email is just the latest of several similar emails and text scams over the course of the pandemic, regarding Covid-19 vaccines and vaccine passports.

The National Fraud Intelligence Bureau (NFIB) has reported a 400% increase in scams as a result of coronavirus-related phishing attacks.

Ways to Avoid Phishing Scams

  1. Keep Informed About Phishing Techniques – New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one.

  2. Verify a Site’s Security – Look out for the ‘HTTPS’ in a website’s URL to indicate that it is encrypted.

  3. Think Before You Click – Be cautious when clicking on links. Hover over links that you are unsure of before clicking on them.

  4. Never Give Out Personal Information – Never share personal or financial information over the Internet.

  5. Keep Your Browser Up to Date – To ensure the highest level of security, your device needs to be regularly updated.

  6. Install an Anti-Phishing Toolbar – Toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites.

  7. Use Firewalls – High-quality firewalls act as buffers between you, your computer, and outside intruders.

  8. Be Wary of Pop-Ups – Pop-up windows often masquerade as legitimate components of a website. All too often, they are phishing attempts.

  9. Use Antivirus Software – Antivirus software scans each file that comes through the Internet to your computer to help prevent damage to your system.


Source: MetaCompliance

Solution: Speak to GB3s Security Team about completing phishing assessments

Contact Us: Here to help


49 views0 comments