Beware email scams for COVID-19 vaccinations

Chloe Mustafa
Categories: Secure your business
Tags: Cyber-security remote working Security

You may have seen in the news, reports of fake COVID-19 vaccination invitations purporting to come from the NHS Test and Trace service.

Cybercriminals are becoming ever more sophisticated, and whereas previously scam emails were relatively easy to spot with their bad - almost laughable at times - grammar and spelling, this is not now always the case.

And the scam COVID-19 invites currently hitting inboxes are a case in point. With a professional appearance they can be convincing, and have fooled a number of people. The below is only one example, which a member of the Cobweb team received last week.


The exact wording seems to vary from version to version, but all appear to include an invitation to “register” or confirm your appointment for the vaccine - with the objective, of course, to obtain bank details, either through needing to prove identity or to make a payment.

Firstly, it’s important to note that no registration is required to receive the genuine vaccination, and secondly the vaccine is free.

The NHS advises on Twitter:

COVID-19 vaccine fact check: you don't need to apply for it, you don't have to pay to receive it, you don't need to share bank details to confirm your identity.

In addition, the NHS confirms that they will never ask for:

  • Bank account or card details
  • Pin or banking password
  • Copies of personal documents to confirm identity (such as passport or driving licence).

The vaccination invites are the latest in a long stream of COVID-based scams. The National Cyber Security Centre (NCSC) warns, “While everyone is worried about the coronavirus, cyber criminals have seen this as an opportunity. In emails and on the phone, they may claim to have a 'cure' for the virus, offer financial rewards, or encourage you to donate to worthy causes. Like many scams, these criminals are preying on real-world concerns to try and trick you into interacting. They may also mimic real NHS messages.”

And, of course, ensuring that everyone remains vigilant and cybersecurity aware plays a vital part in safeguarding against scams. We always recommend business to double-layer their security with additional security solutions, as well as to ensure staff are regularly trained. You can see our remote working security tips for you and your employees here.

Related Articles

Microsoft Viva launches an employee experience platform for the digital age

Delivered through Microsoft Teams, Microsoft Viva incorporates a number of third-party solutions.

Read More

Beware email scams for COVID-19 vaccinations

The recent COVID-19 vaccination push has increased the number of email scams out there. Discover what to look out for here.

Read More

Keeping customers safe: responding to the Mimecast cyberattack

Protecting customers is a top priority, with a layered approach to the security of their users, applications, data and devices.

Read More

Which telephony option is best for your business?

Use our interactive flow diagram to understand which option is best suited to your business.

Read More