Authorities on both sides of the Pond are issuing warnings about a sudden surge in Omicron testing and vaccination scams designed to steal money and sensitive personal information during a time of heightened anxiety.

Though hardly a newsflash, it’s painfully true: There really is no honor among thieves—even amid pandemic.

In the UK, bogus National Health Service-branded text messages and emails are urging recipients to apply to receive Omicron variant-specific PCR tests or risk being forced to isolate. Links within the malicious messages point to an expertly-crafted knock-off of an official NHS website requesting personal information that, among other things, could potentially be used to access bank account or commit insurance fraud.

Similar scams may be surfacing stateside in communities being hit hard by the highly-contagious variant of COVID-19. Just this past week, Florida state Attorney General Ashley Moody issued a consumer alert warning Floridians about potentially fraudulent COVID-19 testing sites, imposter health care workers at legitimate testing sites, and at-home testing scams. And the Oregon Department of Justice is investigating suspicious test sites cropping up around the state.

Meanwhile, the sheriff’s office in Hanover, VA, reports residents there have been receiving the exact same emails seen in the UK, pointing to those same NHS-branded phishing sites.

Don’t laugh. It’s certainly true that sending US citizens phishing emails pointing to phony British government websites suggests honor may not be the only thing lacking in some cybercriminal circles. But Omicron-themed attacks do fit with a larger, disturbingly-successful trend.

COVID-19: The Ultimate Cybercriminal Contagion

Cybercriminals are by their very nature opportunists. They’ll exploit any major news event or crisis to defraud individuals, businesses, and public organizations—the pandemic just happens to be a once-in-a-generation opportunity to prey on people’s fears. At every stage of the COVID timeline, fraudsters have been keen to leverage the “lure de jour.”

First, it was phishing emails impersonating the Centers for Disease Control (CDC), the World Health Organization (WHO), and John Hopkins University. Next came fraudulent charitable organizations asking for donations, and ecommerce companies hawking medical masks, disinfectants and more—many targeting vulnerable senior citizens.

Through mid-December, nearly 657,000 US consumers reported $636.7 million in losses from COVID-19 scams, including many associated stimulus payments, since the beginning of the pandemic. And in recent weeks, the Wall Street Journal has reported that individual swindlers and organized crime have pilfered $100 billion (yes, that’s with a “b”) from US government COVID-19 relief programs.

As demand for COVID-19 tests have skyrocketed with the emergence of Omicron, there has been a corresponding rise in fraudulent offers for rapid tests sold for home and even business use, and “more accurate tests” to be administered by healthcare professionals, according to AARP.

How to Avoid Continuously-Mutating Fraud Variants

The number of COVID scams has been running so high that the FTC has a special website dedicated to just to robocalls. And Palo Alto Networks reports that cybercriminals have registered tens of thousands of COVID-related web domains to use in spoof ads and phishing attacks designed to amass personal information to plant malware.

Among a growing list of signs of fraud to look out for:

  • Pop-up testing sites asking for out-of-pocket payment to administer vaccines (COVID vaccines are free)
  • Site volunteers who seem unformed or—a clear give-away—are unmasked during interactions with patients
  • Websites, texts, or calls to “confirm” personal data to gain access to vaccines, grants, or stimulus checks
  • Offers for teas, intravenous vitamin-C therapies or other remedies marketed as helping with symptoms
  • Emails purporting to come from your company’s HR that click through to sites requiring corporate logins or personal information to “confirm vaccination status”
  • Offers for fake vaccine cards to avoid having to actually get vaccinated
  • Private companies requesting personal information for home testing kits

The list goes on and on. To protect yourself, ignore unsolicited messages and instead contact your healthcare provider directly with any questions. And businesses, public sector agencies, and other organizations seeking protection against getting impersonated in these attacks should source an all-inclusive cyber-intelligence & takedown service.

As the pandemic enters its third year, we’ve all learned that it’s impossible to know what new mutation will surface next. The only certainty is that fraudsters will be ready and waiting to exploit it.

To learn more about how Outseer can help protect your organization from impersonation in Omicron testing scams and other attacks targeting consumers and businesses, or to schedule a demo, click here.

Reed Taussig

Chief Executive Officer

Reed is a 35 year technology industry veteran, responsible for the overall strategy and execution of the Outseer business. He was most recently an operating executive at Marlin Equity Partners. Prior to that Reed was CEO of ThreatMetrix, a SaaS company and a leader in fraud prevention solutions based on digital identity intelligence where he drove innovation and led growth.