Fraud & Cybercrime Threats During COVID19

October 1, 2020

Fraud & Cybercrime Threats


NHS Test and Trace Scam

Current scam involves telephone calls claiming to be from NHS Track & Trace, callers will claim the recipient has been in contact with someone that has tested positive for Covid-19 so needs to self isolate for seven days and take a test within 72 hours. Callers will then ask for the best address to send the testing kit out to, before saying that there is a one-off fee of £50, which includes results, and asking for bank details.

Testing and results under the track and trace system are free. If you are contacted by the scheme you will never be asked for bank details or payments of any kind.


NHS Test and Trace App

Our West Midlands Regional Cyber Crime Unit have given this information following the launch of the new NHS Test and Trace app:
‘The NHS has launched the NHS COVID-19 app whereby venues are being instructed to download and display QR codes for visitors to scan when they arrive, using the new app. This is to help trace and stop the spread of coronavirus (COVID-19).

It is important to note that users are advised to only scan venue QR codes through the NHS COVID-19 app to ensure
that the user is accessing the correct website rather than a malicious one. Cyber criminals use a practice called QR Spoofing or “Attagging” which is where a real QR code is replaced by a cloned one, which then redirects the person scanning that code to a similar, potentially malicious, website where personal data can be intercepted and breached. Protecting yourself from QR Spoofing when `checking in’ to places, as is now required, is as simple as avoiding scanning QR codes with your
camera and instead downloading the free NHS COVID-19 (Test and Trace) app from the Google Play Store or Apple App Store.

QR Spoofing or Attagging – QR codes, particularly printed to signs or posters, are static and available to exploitation by cyber criminals by putting a fake QR code over a genuine QR code.

The launch of the new app will bring along new attempts from criminals to try to deceive people by way of email, phone call or text. Always seek information from a safe source and down load the NHS Test and Trace app from the trusted Google Play Store or Apple App Store and never from a link in an email or text message.

The official NHS Test and Trace website address is:


The National Cyber Security Centre provide information and advice for Small & medium sized organisations. Keep up to date with the latest NCSC Latest Threat Updates by visiting their website.


Action Fraud also makes it easy and quick to report non-emergency fraud and cyber crime. You can also contact them about a
suspicious call, letter, text or email even if you haven’t lost any money.

If you are a business, charity or other organisation which is currently suffering a live cyber attack (in progress), please call 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week. For more information, click here.


Call the Business Helpline to find out how we can help your business. Call 0300 111 8002.