Skip to main content

Covid-19 vaccine text scam


The vaccine for Covid-19 may be rolling out over the next couple of months, but so too is the latest set of phishing scams from fraudsters who are using the vaccine to their advantage. We’ve been looking at one of these scams, a text perpetuating to be from the NHS which is (not at all surprisingly) after your bank details.

Why are scammers using the Covid-19 vaccine?

Phishers and scammers often use an organisation that victims are familiar with to lure people in, as well as a compelling ‘hook’. In this case, the organisation is the NHS which is obviously familiar to those living in the UK. The clever hook here is the vaccine - which is currently being offered to those over the age of 80, those who live or work in care homes, and health workers who are considered high risk. 

Those who receive the text who are within these groups are likely to be expecting communication from the NHS, and as such the scam is very convincing. Those who aren’t within these three groups but do want to receive the vaccine may be taken in by this scam too; particularly if it suggests they can get the vaccine earlier than expected. We've heard of phishing emails and scam phone calls doing the same thing.

Due to the pandemic, we’re also now accustomed to receiving correspondence from the NHS through our smartphones. As such, a text pertaining to be from the NHS is likely to be more convincing now than it may have been before Covid-19. 

Let’s take a look at the vaccine text scam

The text reads as follows, ‘we have identified that your [sic] are eligible to apply for your vaccine. For more information, and to apply, follow here: [link redacted]’. Clicking the link takes the victim to a webpage that has been made to look like the NHS website. If you progress through the application process, you’re prompted to fill in your name, date of birth, address, and (you guessed it) a payment card.

The site looks incredibly similar to the NHS website, even featuring a ‘Read before applying’ box which encourages victims to read the information on the vaccine before filling in an application. This is particularly unusual for a phishing scam, as it almost encourages you to stop and think about applying before doing so. Obviously, this makes an already convincing scam seem even more legitimate.

The warning signs

Very few phishing scams are watertight and perfectly presented, and this one isn’t an exception. Spelling errors are prevalent through both the text and the website, which is a great indicator you’re looking at a forgery (‘your’ instead of ‘you’ in the original text, the word ‘ownership’ is written as ‘owenership’ in the website itself). 

Spelling errors in phishing scams may be due to the phishers writing in something other than their first language, but equally phishers are after victims that don’t take the time to think critically - and if you don’t question a spelling error, you might not question the other aspects of this website that don’t hold up to scrutiny. 

The website address is also a red flag; despite the colours, branding and NHS logo, the url is ‘uk-application-form.com’. Evidently, this is not the NHS website, no matter how many sentences they’ve copied. Additionally, there is no padlock in the web address bar, meaning that the information you send to the website is not secure. 

The biggest warning sign from this scam is that they are asking for payment details. According to the NHS, ‘The NHS will NEVER ask you to press a button on your keypad or send a text to confirm you want the vaccine, and NEVER ask for payment or for your bank details.’ If you’re on a website that is requesting these details, or have had a phone call from someone requesting these details, you can be sure that they aren’t the NHS.

What should I do if I receive this text?

If you receive this text, do not follow the link. As stated above, the NHS will not ask you for bank details or payment details. If you think you have fallen victim to this scam or a similar scam, Which? has a guide to help you get your money back

Tweet us @TranscenditUK 

Image from Unsplash


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
As always the support team are efficient and effective. Darlington Golf Club

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Living Wage employer
Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner