Police are asking residents to be vigilant following reports of scam emails relating to NHS Covid Passports.
Since 13 October a number of reports have been received of emails claiming to be from NHS Digital National Health Services stating the recipient was eligible for a Covid Passport.
One incident in Brockworth saw a husband and wife receive their booster jabs before being emailed later that day. The email looked professional and contained a link to follow to provide details to obtain this ‘passport’.
The victim followed the link and put in some personal details such as their name, date of birth and mother’s maiden name. However, they noticed it was fraudulent when they were asked to provide bank details.
The email itself had a number of errors such as addressing the email to the person’s email and not name (e.g. Dear firstname.lastname@example.org). On closer inspection, it appeared the link was from N.H.S.ONLINESERVICE.CO.UK and stated BLOG@SPLAN223.JP when expanding on the name.
These errors have been explained to the pair as warning signs for future reference to prevent them from falling victim to similar scams or phishing emails.
Action Fraud are aware of similar scams circulating and have shared the following guidance: https://www.actionfraud.police.uk/news/beware-of-nhs-covid-pass-fraud
More advice to help stop you from becoming a victim of email fraud is below:
- Do not click on any links in the scam email.
- Do not reply to the email or contact the senders in any way.
- If you have clicked on a link in the email, do not supply any information on the website that may open.
- Do not open any attachments that arrive with the email.
Fake emails often (but not always) display some of the following characteristics
- The sender’s email address doesn’t tally with the trusted organisation’s website address.
- The email is sent from a completely different address or a free web mail address
- The email does not use your proper name, but uses a non-specific greeting like “dear customer”.
- A sense of urgency; for example the threat that unless you act immediately your account may be closed.
- A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
- A request for personal information such as user name, password or bank details.
- The email contains spelling and grammatical errors.
- You weren’t expecting to get an email from the company that appears to have sent it.
- The entire text of the email is contained within an image rather than the usual text format.
- The image contains an embedded hyperlink to a bogus site.
If you have fallen victim to this scam please call police on 101 (or 999 if the offender is with you and it is safe to do so) or speak to Action Fraud on 0300 123 2040. Information can also be submitted online at https://www.gloucestershire.police.uk/tua/tell-us-about/cor/tell-us-about-existing-case-report/ or https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime