As blanket pandemic restrictions in the UK gradually phase out with the introduction of the NHS Covid Pass, scammers are seeking to take advantage of uncertainty and confusion with fake emails and texts.

The NHS Covid Pass was recently launched so people can show their Covid vaccine or test status, which might be needed to travel and gain entry to some events.

These vaccine passes are completely free. You can download a digital version using the NHS app or ask for a physical copy to be posted to you.

But fraudsters have been sending out fake NHS branded emails, falsely inviting people to apply, and pay, for a pass. Fake text messages are also doing the rounds with similar messaging. The texts can be particularly convincing as the NHS often uses texts to contact people.

Keep in mind the NHS Covid Pass is FREE so any attempt to get you to pay is a scam.

NHS under siege from scammers

The NHS has been under siege from scammers and fraudsters during the pandemic. From a scammers point of view it’s an easy target with millions of users and over 1.3 million staff.
  • Phishing scams have sought to replicate, or pretend that they are from, organisations such as the World Health Organisation (WHO), the UK Government (GOV.UK) and HMRC, amongst others.
  • Fake websites have also appeared which impersonate NHS organisations and which contain malware such as ransomware.
The NHS has done a lot of work in educating and safeguarding employees against cyber threats and ensuring its employees can identify potential scams. Its guidelines are also equally useful to anybody who uses the NHS or just as general safety points.
  • Be suspicious of emails that ask you to check, renew or share your logins or passwords
  • Don’t open attachments or click on links in emails without first establishing they are legitimate. For example, were you expecting to receive the email?
  • Hover over links (without clicking) to see if the link looks legitimate. With many phishing attempts, the actual link differs from the one you see in the email
  • Check the source of the email, do you know the sender? If you don’t be wary and try to verify the authenticity of the sender.
  • If the content of the email tries to persuade you to do something that seems too good to be true, it probably is
  • If the email claims to be from an official source does it look legitimate? An official source will never ask you to share personal details or login credentials
  • Check for spelling and grammatical errors in emails. These are often a tell-tale sign of scams.