Active COVID-19 vaccine phishing campaign tries to phish banking information

Active COVID-19 vaccine phishing campaign tries to phish banking information

An active phishing campaign is trying to phish users’ sensitive information by pretending to be UK’s National Health Service (NHS). Users have reported that they are receiving emails supposedly from the NHS about being eligible to receive the COVID-19 vaccine.


A rather sophisticated phishing email campaign is currently going around trying to get users to fill out a fake COVID-19 vaccine registration form. One of the variants currently in the wild informs the receiver via email that they have been selected to receive a COVID-19 vaccination. The email invites the user to accept the invitation and fill out a form in order to register to receive the vaccine. However, instead of registering for actual vaccination, they would end up providing their personal information to cyber criminals.

The phishing email informs users that the NHS is “performing selections for coronavirus vaccination on the basis of family genetics and medical history”. Whoever receives the email has been supposedly selected to the receive the vaccination, and they are asked to either accept or decline the invitation. Whether users press the “Accept invitation” or “Decline invitation” links, they will be taken to a fake NHS website that asks them to “confirm your coronavirus vaccination”.


The COVID-19 vaccine phishing email

The site users land on by clicking on the link will look rather legitimate at first sight. The fake site provides information about the vaccination process and asks users to either accept or reject the vaccine appointment. In case of rejection, the appointment would supposedly go to “the next person in line”.

“The NHS is performing selections for coronavirus vaccination on the basis of family genetics and medical history. You have been selected to receive a coronavirus vaccination,” a message displayed on the fake website reads. Whether users click accept or reject the invitation, they would be redirected to a few different pages that ask them to provide their personal information.

The form that potential phishing victims are asked to fill out asks for a first name, surname, date of birth, mother’s maiden name, address, mobile number, credit card information and banking data. Information like the date of birth and mother’s maiden name can be used to hack online accounts where that information is necessary in order to change/recover the password. Ideally, users would not be using their actual mother’s maiden name as the answer to their security question but there probably are less cautious users who do, which is why this information is valuable to cyber criminals. And the banking data is collected for obvious reasons.

While it’s no surprise that cyber criminals are using the current situation to perform phishing attacks, it’s somewhat unexpected that the attempts are rather sophisticated. First of all, the sender’s email address is displayed as, which looks absolutely legitimate at first sight, at least legitimate enough to trick less cautious users. The website users are led to if they click on the links, as well as the forms, look very similar to how government online forms actually look like. But even if everything seemed completely valid, a major clue giving it away as phishing is that the forms ask for credit card and bank information, supposedly to verify users’ identities. Most people should already be aware that the NHS will never ask for such information.

NHS warns that they will never ask for bank information

In light of the phishing emails, NHS has warned people that the vaccine is free of charge and they will never ask for certain kind of information. The warning also reassures that users don’t need to apply for the vaccine, and that the NHS will never ask people to confirm their identities by providing their bank details. If you ever receive an email from the NHS that asks for banking information, it will always be phishing.

NHS’s warning on Twitter

The NHS also has a website that provides information on how people will be contacted about COVID-19 vaccinations. It’s noted that people eligible to receive the vaccine will not be asked to register via phone. The NHS may call to remind people about their COVID-19 vaccination appointments but they will not call to book appointments. If it’s relevant, we suggest usersĀ  familiarize themselves with the information provided in the site in order to avoid potential phishing attempts.

Site Disclaimer is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.

The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.

Leave a comment

Your email address will not be published.