The UK’s NHS today launched its COVID-19 “Test and Trace” system in England.
I have seen no discussion of fraud, but this system is an open invitation for scammers and fraudsters.
People will apparently get unexpected phone calls from NHS “Test and Trace” telling them they have been in contact with the COVID-19 infection, and they must immediately self-isolate for 14 days. The phone call will also ask for details of who they’ve been in contact with. It seems the “Test and Trace” system will use all sorts of methods – maybe including one’s use of credit cards – to track your movements and who you may have been in contact with.
RIPE FOR FRAUD
Scammers will exploit this. They have shown that they are more than willing to use fake emails (for example, pretending to be Microsoft, HMRC, the police, BT and so on) to get you to respond (or click on a link) to provide more details about yourself. They will then use these details – sometimes in very creative ways – to steal your money, get access to your emails (and thereby steal your money or get your relatives of friends to lose money) and so on.
Scammers and fraudsters are also very happy to use phone calls that start “This is Microsoft” or “This is Windows Support” or “This is BT” to involve you in a scam which will end up with you losing money.
NO WAY TO CHECK
So you can be sure scammers will soon start making phone calls that start “This is NHS Test and Trace” and end up costing you money, sometimes thousands of pounds. Banks (or credit card companies) don’t usually refund this money because “you were negligent in giving out confidential details”.
All far as I know, there is no way to check if a “Test and Trace” call is genuine. The government doesn’t seem to have thought of this. It’s not clear yet what information a genuine Test and Trace call will ask you for, or what you might believe, but it could quite feasible involve credit card details or other private information. And they might quite well say “it’s the law, you have to tell us” (which is isn’t, and you don’t).
HOWEVER, if you’re happy to tell them more-or-less public information like your credit or debit card numbers, your bank account number (it’s on every cheque you write, after all) or your email address, I wouldn’t tell them any security information. They don’t need to know any passwords, PINs, login details, “memorable data”, security answers, and so on.
This is old advice: you shouldn’t click on links in emails, trust any website (unless you know how to check), or believe any email is from who it says it is. Emails that start “Hello” or “Dear Customer” are not being sent to you personally, so your account hasn’t been suspended, you haven’t won the lottery or become eligible for a refund or compensation.
So it’s the standard advice, nothing new, but a new opportunity for fraud. Fraudsters are clever, ingenious, resourceful, and convincing. Always be on your guard. Just as you don’t cross the road without looking, don’t trust something because it’s on your commuter, found by Google or “looked trustworthy”. Be suitably suspicious!