U.K. Phishing Attack Targets Those Seeking the COVID-19 Vaccine

Phishing UK COVID-19 VaccineThis latest phishing scam impersonates the UK’s National Health Service, telling recipients that are eligible for the vaccine in order to collect valuable banking and credit card details.

I really despise these scammers. At a time when people are searching for a way to protect themselves, these lowlifes of the cybercriminal world prey on those in fear. This latest scam has recently hit the UK where unsuspecting victims were sent an official-looking email purporting to be from the UK government with a simple message – that the recipient has been selected for the vaccine.

Would-be victims who click the “Accept Invitation” link are taken to a legitimate-looking website that appears to be the NHS:


Source: Bleeping Computer

Once victims again choose to accept the invitation, they are prompted to answer a series of questions that collect personal details including the victim’s name, their mother's maiden name, address, and mobile number, as well as credit card and banking details.

While this scam feels like it’s targeting individuals, the very same scam is possible within your organization; all it takes is a little spin on the theming (e.g., make the email be from the HR department about a company-wide vaccination with a link to the rollout schedule that happens to attempt to collect Office 365 credentials) to be business-worthy.

Organizations need to take attacks that seem to target individuals over a corporation, as the shift in a campaign to steal corporate data only requires a few changes in how an attack like the one above is executed.

Putting users through Security Awareness Training is an effective way to help them protect themselves and the organization, regardless of how well-executed a phishing campaign is.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Topics: Phishing, COVID-19

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews