A naked security reader in the UK warned us about a scandal in a text message this afternoon.
The message is claimed to have come from the UK’s National Health Service, the NHS, which administers the coronavirus vaccine and offers free tests across the country:
As you probably know, PCR tests, which currently require processing in a laboratory, are considered more accurate than self-administered lateral flow tests.
In fact, if you already have coronavirus symptoms, or have been in contact with someone who is infected, PCR tests are recommended in the UK and are offered free of charge.
You may have a set of one-off tests sent by mail and post the entire test in the lab for processing, but this adds time until you get the results – and if the test is positive, you still have no symptoms, which is mandatory for you. Adds duration of isolation.
So, as you can imagine, anyone who is self-employed but has to be out for their work – plumber, electrician, care worker, painter and dozens of other jobs – a home testing device that can save time would be very useful to get a reliable result. .
We have no idea that such a consumer device could be created economically, and if so the results could be reliably and securely verified online, but in a world where retailers can deliver hidden products to your doorstep in a matter of hours And to securely pay, telephones that have high-resolution video cameras that can stream images worldwide in real time and where private citizens can buy JoyRide in space, we’re going to assume there’s no rare technical reason that would make it a ridiculous idea.
Even better, for those who are self-employed and go to many other households to do their work, a home testing device can allow employees to test so quickly and reliably that they may even be able to re-attend their appointments. And the verifiable “COVID test pass” performed that morning.
So you can understand why those who received the message above may be interested enough to check it out.
What do you do?
We hope you’ll mark it now as a scandal, but you can see why it was worth the miscreants’ time to try it.
After all, the UK government is an avid user of text messages for a number of purposes, including 2FA, reminders, notifications and more, so SMSes from government departments are not uncommon.
In fact, you cannot book a coronavirus test online without providing a mobile phone number in advance, ready to receive test results via text.
So, if you are tempted to click only in this case, first ask yourself the following questions:
- Probably a story? No. Test results may come via SMS, but the offer of amazing new experimental medical equipment does not come!
- The link probably shows? No. NHS links usually end at NHS.uk, which has a weird-looking dot com address.
- Do I have to click on the link at all? No. Even if the link is genuine, you will be able to ignore the link and find your own way in the right place.
We’ll be happy to show you what this scam looks like if you click, but we’ll still be happy to let you know that the website isn’t currently working properly.
The domain is brand new, registered this morning; The HTTPS web certificate was issued today at 8 am; And the web server is active and receiving connections …
… But what we can do is make a short list of file names and a page that says Error 600:
(If you’re wondering, that web page says Error 600 In fact 200 had an HTTP response code. Error 600 Meaningless, because there is no HTTP code above 599.)
