The public must be alert to scam phone calls and text messages posing as part of the NHS test and trace service, experts have warned.
Last week, deputy chief medical officer for England Dr Jenny Harries said “it will be very obvious” when a member of the public receives a call from the new contact tracing programme.
The NHS test and trace programme is designed to limit the spread of transmission of coronavirus, and works by finding those who have come into contact with someone who has become infected and telling them to isolate via a phone call, email or text message.
But security experts and charities have warned that some people, particularly the vulnerable or elderly, could be susceptible to fake calls or messages from criminals looking to get access to personal information.
If you're contacted by the NHS Test and Trace service, you will not be asked to provide any passwords, bank account details or pin numbers.
— NHS (@NHSuk) May 28, 2020
The UK’s National Cyber Security Centre (NCSC) has previously confirmed that is has seen a number of scams appear since the Covid-19 outbreak which have attempted to capitalise on concerns around the pandemic.
Last month, the Chartered Trading Standards Institute (CTSI) flagged bogus text messages which claimed to be from contact tracers, but contained a link which instead tried to gain bank account and other personal identity details.
At the end of April, the NCSC launched a new Suspicious Email Reporting Service, where users could flag suspected scam emails directly to the centre.
Since then, more than 600,000 emails have been forwarded to the service, which the NCSC said has resulted in the removal of more than 1,000 scams.
In an effort to clarify how official tracers will get in contact with people, the Department of Health has said NHS test and trace employees will never ask for financial details, PINs or banking passwords over the phone, and tracers will not be making any home visits.
A spokeswoman said: “NHS Test and Trace is vitally important to prevent the further spread of Covid-19.
“We have been working with the police and the National Cyber Security Centre, who have advised on measures to keep the public safe.”
According to the Government website for the scheme, if contact tracers do get in touch with someone, it will be either in the form of a text, email or phone call.
Calls will come from a single phone number – 0300 013 5000 or via text messages sent from ‘NHS’, which will ask users to sign into the official NHS test and trace website and for their full name and date of birth to confirm their identity.
The guidance says tracers will never ask someone to dial a premium rate phone number to speak to them, for example, those starting 09 or 087, or ask for any bank details or to make any kind of payment or purchase.
It also says tracers will never ask for any social media identities or log-ins, passwords or PINs, or ask users to download software or access a website not belonging to the Government or the NHS.
Parthi Sankar, a cyber solutions consultant for US security firm Anomali, said this information was vital because “knowing precisely what to expect and what not to expect is key to avoid falling victim to a scam message”.
Ben Tuckwell, district manager UK and Ireland for cyber firm RSA Security, said: “Fraudsters are known to thrive in times of crisis.
“With millions of people around the country working from home, in many cases distracted by young children, the truth is that they are sitting ducks for clever and timely phishing attacks.
“Consumers can protect themselves by acting smart and pausing to consider each communication they receive.”
— NCSC UK (@NCSC) May 30, 2020
Caroline Abrahams, charity director at Age UK, said anyone, particularly older people, who suspects a call is a scam should hang up and contact Action Fraud, the UK’s fraud and cybercrime reporting centre.
“Older people will want to play their part in helping to slow the spread of the virus, which will include registering with the test and trace service,” she said.
“As with any system handling personal data, people will have concerns about how the information they provide will be used, protected, and whether criminals could exploit it.
“The Government, NHS and Public Health England need to reassure the public that tracers will never ask for bank details, payment, PINs and passwords over the phone.
“If you suspect a scam or are worried that the call is not genuine, just say that you will call them back and hang up, the official number is 0300 013 5000. You should also immediately contact Action Fraud online or by calling 0300 123 2040.”