Trading Standards warns of NHS contact-tracing phishing scam

The Chartered Trading Standards Institute (CTSI) has warned people of a phishing scam based on the forthcoming coronavirus contact-tracing app.

The NHS' official contact-tracing app is currently being trialled on the Isle of Wight (IoW), and the government plans to roll out the app across the country this month.

The app, once launched, will help to keep a record of people coming in close contact with someone who tested positive for Covid-19. The system will then alert such people about the contact.

The CTSI says it has evidence that cyber criminals are currently sending text message to trick people into believing that they have come in contact with a coronavirus-positive person. A large number of people in Britain have received such messages.

"Someone who came in contact with you tested positive or has shown symptoms for Covid-19 & recommends you self-isolate/get tested," the message reads.

It contains a link to a malicious website which asks people to enter their personal details. Scammers then use the details to gain access to victims' bank accounts and transfer money to accounts under their control.

Since March, fraudsters have stolen more than £2m via scams related to Covid-19, according to Action Fraud, and experts fear that the number of scams will rise once the contact-tracing app is rolled out across the country.

"We have witnessed a surge in Covid-19-related scams since lockdown began," said CTSI lead officer Katherine Hart.

"This evidence is yet another example of scammers modifying their campaigns as the situation develops."

Hart said she was especially concerned to see emergence of scams themed around NHS' contact-tracing app, even though it is still in testing phase and is yet to be released across the country. She advised people to report such phishing messages to Action Fraud and not to click on any accompanying link.

There is a debate ongoing regarding the privacy and security aspects of proposed NHS' contact-tracing app. Last month, 117 privacy and academic experts in Britain expressed concerns about the use of the app in the country. In an open letter, these experts urged that "the health benefits of a digital solution be analysed in depth by specialists from all relevant academic disciplines, and sufficiently proven to be of value to justify the dangers involved."

The Electronic Frontier Foundation (EEF) also said last month that contact-tracing apps built using the alternative Apple-Google API could also pose a threat to privacy and security of users. EFF cautioned that threat actors could exploit security weaknesses in those apps to harvest users' data and to shake people's confidence in the public health system.