The NHS COVID-19 app offers people in England and Wales a fast way to see if they’re at risk from coronavirus. As well as contact tracing it offers information on local area restrictions and venue check-in. But the National Cyber Security Centre (NCSC), part of GCHQ, said it has removed more scams from the internet last year then in the previous three years combined, and among the scams were 43 fake NHS COVID-19 apps.
The fake apps are examples where criminals have exploited the vaccine rollout to gain personal information for the purposes of fraud.
Dr Ian Levy, technical director of the NCSC, said: “The big increase in COVID-19 related scams, fake vaccine shops, fake PPE shops, show – to me anyway – that criminals have no bounds on what they will abuse and the fear that they engender to try and harm and defraud people.”
Advice on how to identify fake apps is offered by NordVPN:
- Check reviews – if the app rating is low and many users complain about the service, it’s a red flag.
- Look for grammar mistakes – app creators usually polish their descriptions to perfection.
- Check the number of downloads – if you see a popular app with only several thousand downloads it’s most likely a counterfeit.
- Research the developers – imposters sometimes use the same name as the original app creator’s, changing only one or two letters.
- Be cautious about images and screenshots – malicious apps might use low-quality illustrations or photoshopped images.
- Review permissions – a flashlight wishing to access your contacts or a calculator asking for access to your gallery might be a warning sign.
The NCSC also revealed it received 600,000 reports about scam emails in the first three months of the pandemic.
When it comes to NHS contact tracing services, they will never ask you to pay up front for a coronavirus test, as the service is completely free for everyone.
Which? offers advice for how to tell if a contact tracing message is real or a scam.
Firstly, if you have coronavirus symptoms you can get tested. If you test positive for the virus you’ll be contacted within 72 hours of taking the test.
You won’t be asked for any personal details upfront. You’ll be given a unique ID number to log in to the NHS England Test and Trace website.
The only official web address for the NHS Test and Trace service is https://contact-tracing.phe.gov.uk/
Once you’ve logged in, you’ll then be asked to enter some basic information, including your name and current address and the places you’ve recently visited.
If you can’t access the website you’ll be asked to give these details over the phone.
If you get a call about testing positive but haven’t taken a test in the past few days, then the call isn’t real.
The NHS Test and Trace service will only contact you by phone, test, message or email.
If you’ve received a dodgy message or call you can report it to Action Fraud – call 0300 123 2040.
Which? advises: “If you’ve given away payment or bank details, let your bank know as soon as possible. They’ll be able to help you protect your accounts.
“If you’ve shared other personal details, keep an eye out for unexpected bills or invoices addressed to you.
“Check your credit report regularly for any new accounts that you haven’t opened.”
As part of the NCSC report, HM Revenue & Customs remained the most copied brand, with more than 4,000 separate scams involving the tax office’s name, followed by Government websites and TV licensing.
There has been text, email and phone scams involving the brands, as well as those pretending to be delivery firms like Royal Mail or DPD.