- Phishers may be taking advantage of the current lockdown fears in the UK
- If they do, watch out for SMiShing mobile messages that spoof UK government COVID-19 guidance messages in the coming days and weeks
- Never click on a link in a mass-generated text or email; always navigate directly to a legitimate government website
This is a "The Defence Works special edition": a 'public information announcement' about new threats that may arise.
The COVID-19 pandemic is challenging all of us in many ways. One government announcement this week was that people in certain groups would be required to remain indoors for up to 12 weeks. These are the people in our society most at risk: those with certain cancers, severe heart conditions, and so on. A list of the conditions that require ‘shielding’ can be found on the Gov.uk website. And on Monday evening came one of the most chilling announcements: all persons in the UK must abide by stringent rules of social distancing to protect our NHS from being over-burdened.
The details of how to protect our most vulnerable, ourselves, and our NHS mean the UK government needs to communicate with the population of the UK in any way it can.
Stay at home. Protect the NHS. Save lives.
As part of ensuring that everyone in the country is aware of the immediacy of the lockdown in the UK, the government has been sending out texts to citizens. To achieve this, the UK government asked carriers, including EE, Vodafone, and O2, to help by sending a text to their subscribers. A copy of the text is shown below. It alerts the recipient to the new rules that help protect the wider population, ourselves, and the NHS against COVID-19.
The text also contains a link to a government website to give you further details on what you can and cannot do under the new restrictions.
Whilst it is vital during the current coronavirus pandemic for the government to communicate easily with citizens, this channel also raises phishing concerns.
Here, “The Defence Works” takes a look at what you should be aware of to prevent a cybersecurity breach if cybercriminals take advantage of the situation.
SMiShing, Phishing Kits, and COVID-19?
SMiShing is a type of phishing that uses mobile SMS messages or other messaging apps to deliver a phishing message. We regularly write about SMiShing in our Breaking Scams section, as it is a tactic often used by fraudsters; the most recent post discusses a British Telecom (BT) SMiShing scam, 'PUPpy Love: BT Billing SMiShing Scam'. We describe how the fraudster disguised a phishing text message to make it look like it was from BT. The message contained a link which, if clicked, went to a malicious website.
If you’ve read this far, I’m sure you already know what we are going to say: the BT scam, typical of a SMiShing scam, looked a lot like the legitimate UK Gov message received by so many UK citizens.
Fraudsters love an opportunity to increase the click rate of a phishing message. They use any tricks they can to encourage a knee-jerk reaction to click on a link. The fear inherent in the current pandemic situation is perfect fodder for cybercriminals. All you need are the right tools to take advantage of that fear and use it for criminal means.
Phishing kits are big business in the world of cybercrime. Phishing is now an ‘as-a-service’ business opportunity that literally anyone with a criminal mindset can take advantage of. Researchers at Cyren Labs found 5,334 phishing kits for hire in the first half of 2019; to use the ‘Phishing-as-a-Service’ option in the dark web checkout, a fraudster pays the cybercriminal operation behind the kit a rental fee starting from $50 per month. For that, they get all the tools they need to send out ready-made phishing emails or SMiShing messages, plus an associated spoof website or malware with which to reel in the cash. The fraudsters can even buy lists of mobile phone numbers to use as targets.
The thing is, this latest government text message, giving advice to citizens on what to do during the coronavirus pandemic, is great, but it will also ring the till for cybercriminals.
Copycat, Dirty Rat
As we have seen in our many Breaking Scam posts about phishing and other scams doing the rounds, cybercriminals like to jump on an event. Yearly events like tax return time or Amazon Prime Day are all candidates for a fraudster phishing campaign; last year security vendor McAfee discovered just such an Amazon Prime phishing kit available for sale on the dark web.
It is not much of a stretch to think that in the coming days or weeks, messages built from phishing kits that mimic government texts will be sent out, en masse, to British mobile numbers: numbers that have been stolen in the many data breaches we have seen in recent times.
What to Do if You Receive a UK Gov COVID Text Message?
COVID-19 is a very serious and worrying pandemic. We all must make efforts to heed the advice of government scientists at this time. However, if you get a Gov UK COVID-19 text, instead of clicking the link, navigate directly to the government website that has details on the virus. This simple act may not only save lives, but may also save you from identity theft, stolen data, and financial loss which, let’s face it, none of us can afford at this worrying time.
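The advice above rests on one fact: the text of a link tells you little about where it actually leads. The following Python check is an added example, not code from The Defence Works or from the government text itself. It extracts the links from a message, works out the host the phone's browser would really connect to, and flags the common lookalike tricks (a `gov.uk` label buried inside another domain, a `gov.uk@` userinfo prefix, punycode hosts). The sample messages are constructed, and the assumption that only `gov.uk` and its subdomains count as genuine government hosts is the example's own.

```python
# Added example (not from the original post): show why "looks like gov.uk" is not
# the same as "is gov.uk". Trust rule and sample messages are constructed.
import re
from urllib.parse import urlsplit

# Assumption: genuine UK government hosts are gov.uk or a subdomain of it.
TRUSTED_SUFFIXES = ("gov.uk",)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(sms_text):
    """Pull every http(s) URL out of a message body, dropping trailing punctuation."""
    return [u.rstrip(".,;:)") for u in URL_RE.findall(sms_text)]


def registrable_host(url):
    """Return the lower-cased hostname the browser would connect to.

    urlsplit().hostname discards userinfo (anything before '@') and the port,
    which is exactly the part a human skimming the text tends to read as the site.
    """
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted_host(host):
    """True only for gov.uk itself or a real subdomain (label boundary enforced)."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def assess_url(url):
    """Classify one URL as trusted, suspicious or untrusted, with a reason."""
    host = registrable_host(url)
    if not host:
        return ("suspicious", "no hostname could be parsed")
    if is_trusted_host(host):
        return ("trusted", "host %s is under gov.uk" % host)
    if "xn--" in host:
        return ("suspicious", "punycode host %s (possible homoglyph lookalike)" % host)
    # 'gov.uk' is visible somewhere in the link, but the browser would go elsewhere.
    if "gov.uk" in url.lower() or ("gov" in host and "uk" in host):
        return ("suspicious", "looks like gov.uk but connects to %s" % host)
    return ("untrusted", "host %s is not a government domain" % host)


def assess_sms(sms_text):
    """Return (url, verdict, reason) for every link found in a message."""
    return [(u,) + assess_url(u) for u in extract_urls(sms_text)]


# Constructed messages: one genuine-looking text, two spoofs.
SAMPLE_MESSAGES = [
    "GOV.UK CORONAVIRUS ALERT. New rules in force now. Info: https://www.gov.uk/coronavirus",
    "GOV.UK ALERT: you are eligible for a payment, apply at https://www.gov.uk@covid-update.example/login",
    "GOV.UK: claim your relief at https://www.gov.uk.covid-guidance.example/claim.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        for url, verdict, reason in assess_sms(msg):
            print("%-10s %s\n           %s" % (verdict, url, reason))
```

The first message is the only one whose link a browser would actually take to `gov.uk`; the other two show `gov.uk` in the text yet connect to a different domain, which is precisely why typing the government address in yourself beats clicking.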
To all reading this, stay physically safe and stay cyber-safe.
If you’d like to know how security awareness training packages work, sign up for a free demo here.