Follow Metropolitan Police

Know your vishing from your smishing to avoid being a victim of vaccine fraud

News   •   Jan 29, 2021 08:00 GMT

Londoners are being reminded to remain vigilant online and to report any suspicious Covid vaccine emails or websites to the police or other authorities following a small number of reported cases in December.

In December 2020, the Met's Cyber Crime Unit was made aware of three Covid vaccine scams, however officers believe the actual number that have taken place could be slightly higher and that people are not reporting these types of incidents to the police.

Detective Sergeant Josh Pool, from the Met's Cyber Crime Unit, said: "Sadly, criminals will exploit any opportunity to take people's hard earned money. Even a global pandemic will not stop them.

"It's positive to see that so few people have fallen victim to fraudulent vaccine scams in December, however we are concerned that people may not always be reporting when they have been deceived to us (the Met) or to other authorities such as Action Fraud. With the rollout of the vaccine picking up pace, we want to remind the public how they can help keep themselves safe."

In one example reported to the Met, a text message (Smishing) was sent out telling possible victims that they were eligible to apply for the vaccine. When the recipients clicked through to the link on the text message, they were taken to a website with NHS branding. They were then asked to provide their sort code, account number and long card number - this was, apparently, to verify a billing address.

Other examples the Cyber Crime Unit are aware of include:

  • Vishing (Voice calls)

Individuals are being contacted by phone offering the vaccine for a fee or asking for bank details. They are also asked to press a number of their phone keypad or to send a text message to confirm that they wish to receive the vaccine. Doing so is likely to result in a charge being applied to their phone bill.

  • Smishing (SMS)

Potential victims receive a text message offering them the vaccine. They are prompted to follow a link that redirects them to a very convincing fake NHS website that requests personal/financial information.

  • Phishing (E-mail)

Phishing emails encouraging users to fill out a form to register for a vaccination. Perpetrators are typically hoping to extract personal information/user credentials.

DS Pool added: "Absolutely no one should be providing their bank details to the NHS when it comes to receiving this vaccine. This example shows how sophisticated criminals are making their scams and why law enforcement will continue to remind the public about the things to look out for."

To help keep the public aware, the Met's Cyber Crime Unit has also created a video showing what to look out for online to avoid becoming a victim of vaccine fraud.

DS Pool concludes: "This short, sharp video takes 45 seconds to watch and provides really useful information on how to stay safe online and what the public can do to protect themselves from criminal behaviour."

Anyone who receives what they believe to be a vishing, smishing or phishing form of communication is asked to report it on the Met Police or Action Fraud websites.

Phishing emails can also be forwarded to report@phishing.gov.uk and smishing texts to 7726.