Because of the ambiguity of current lockdown restrictions, a new text scam pretending to be from the government feels a bit too real to U.K. residents, turning them into victims.
The current restrictions by the U.K. government seek to have most people stay at home, only going outside for “food, health reasons or work.” But because there is some uncertainty around how to determine whether someone is or isn’t breaking the current restrictions, it’s a perfect angle for scammers to get in on the action.
U.K. residents have begun receiving the following text message:
"GOV.UK CORONAVIRUS ALERT. We would like to inform you that you have been recorded as leaving your home on 3 occasions yesterday. A fine of £35 has been added to your gov.uk account. For further information please visit gov.uk/coronavirus-penalty-payment-tracking. Protect the NHS. Save Lives.”
The link (not the URL shown above) takes the victim to a criminal-controlled website where credit card details are given up in the spirit of making the payment. For those outside of the U.K, this kind of penalty isn’t entirely unfamiliar to U.K. residents – for example, normally in London, cars operated within a specific area are subject to a congestion charge. So, the idea of receiving a text alerting them to having violated the quarantine restrictions isn’t entirely far-fetched. This is another great example of how context plays a role in scams. The mix of COVID-19 and the U.K. restrictions make this all believable.
We’ve recently seen SMiShing (texting) scams against corporate users as well. The use of mobile texting as an attack medium demonstrates the need for Security Awareness Training reaching far beyond just email-based attacks. With the increases in attacks now that many organizations are utilizing remote working, it’s imperative that these users are up to date on how to identify malicious content on any device and medium.