Scammers are using the government’s decision to end free Covid tests to defraud victims online.
Unsuspecting members of the public have lost thousands of pounds after changes to Covid testing rules triggered a surge in criminals impersonating the NHS.
Free testing was phased out last month and most people must now pay for Covid tests – a move that has left the door open for opportunistic scammers.
High street bank Santander has received almost 300 reports of NHS testing scams this year with victims losing more than £5,800 each on average.
One example shown to The Mirror was a text message that had gone viral. It claimed to be from the ‘NHS Health Department’ and claimed the person needed to book a PCR test because they had come into contact with someone with Covid.
The scam purported to be from Track and Trace and the message included a link to book a PCR test.
In most cases, the link will ask the victim to cover postage for the PCR test. A nominal payment amount is requested, allowing their card details to be harvested by the fraudster.
The fraudster then contacts the intended victim pretending to be from their bank (using the information shared on the fake website) and convinces them that they are being scammed and they need to move their money into a safe account.
The name on the safe account is often someone else’s and the fraudster will provide a rationale about why it isn’t in the customer’s own name.
This means when the account number is checked with the name as part of the payment process, there will be a ‘match’. The account will in reality be controlled by the fraudster.
Once the money is sent, the fraudster cuts off all contact. Sometimes their details are then sold on to other fraudsters.
One woman, named only as Mrs D, received a SMS purportedly from the NHS warning her that she had been in close proximity to someone who had tested positive for the Omicron variant.
She clicked on the link contained within the SMS to order a free PCR test and paid £1 for postage.
She then received a call on February 21 from an individual claiming to be from the Santander Fraud team, who advised her that she had recently fallen victim to an NHS PCR scam and that her account was now at risk, and she needed to move her money to a safe account immediately.
Once the transfer was complete, the fraudster asked to speak to her husband.
Mr D was advised to move his money from his joint account with his wife into his sole account.
In total Mr and Mrs D transferred over £20,000 to the fraudster.
The tactic is similar to that used in fake parcel delivery texts which spread throughout the pandemic and, at one point last year, accounted for more than half of scam messages in the UK.
The Chartered Trading Standards Institute (CTSI) has also warned against clicking on links in unsolicited messages.
CTSI Lead Officer, Katherine Hart, said: "Unfortunately, unscrupulous scammers are manipulating measures implemented to protect the public by cloaking their scams in NHS branding.
"The pandemic has revealed the extent that fraudsters will go to manipulate modern technologies and the ongoing health crisis we face.
Jacinta Tobin, at security website Cloudmark Operations, said: “Consumers need to be very sceptical of mobile messages that come from unknown sources.
“And it’s important to never click on links in text messages, no matter how realistic they look.
“If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL.
“For offer codes, type them directly into the site as well. It’s also vital that you don’t respond to strange texts or texts from unknown sources. Doing so will often confirm you’re a real person to future scammers.”