Double Whammy: A fake COVID alert is followed by a fake call from the bank


The BBC has revealed details of how fraudsters lured about $63,000 from a food bank in the UK using a double fraud. Let’s analyze both parts of the attack:

  • A fake message from the testing and tracking service of the National Health Service of England. An SMS message is sent to the victim with a warning that she was in close contact with a person who tested positive for COVID-19. In the message, the scammers asked to pay for PCR. Once upon a time, the demand for payment could have been a wake-up call, but not since free testing ended in the UK. The victim’s payment was used as a stepping stone to a more serious attack.

  • A call from a fake bank. The second part of the attack was the call of the attackers to the trustees of the food bank. Having found out the card details during the first attack, the scammers managed to find out which bank it belongs to. Experts assume that the attackers got the necessary information on the first 4-6 digits of the bank identification number. Having collected the data, the scammers posed as armed with this information, the attackers found out which bank they needed to impersonate. Taking care of the return of the products, the victims handed over the bank account details. The scammers emptied the bank account for two days and stole more than $63,000.

To avoid such an attack, experts gave two tips. The first is not to respond to any messages about infection or possible contact with a COVID patient if they did not come in the official application. Second, if you received a call from the bank, it is better to call back at the phone number that is on the official website of the bank. In no case do not use the numbers that the caller gives you and do not give him information about yourself.

Start a discussion …