Omicron spoof shows ongoing danger of COVID-inspired cyber crime


Share on facebook
Share on twitter
Share on linkedin

Threat actors’ efforts to exploit consumers’ anxieties around COVID-19 continue with the emergence of the Omicron variant.

A consistent effort is being made my cyber threat actors to exploit the new COVID variant within the community.

As we’ve mentioned previously, COVID-19 has in part been characterised in the digital realm by hackers duping unsuspecting and anxious consumers.

Now, information regarding the effectiveness of vaccines and contingencies adopted by states to minimize the spread is being used in malicious phishing campaigns.

Cyber threat actors across the globe are employing phishing tactics to capitalise on the rapidly evolving situation to lure in innocent victims. 

The most blatant attempt has taken place in the UK, where the National Health Service (NHS) was mimicked in an attempt to scam consumers.

Free Omicron PCR Test used as bait

A free Omicron PCR test that allows consumers to avoid restrictions imposed by the British government was the lure in this case. 

With everyday people having had a gutful of lockdowns, people have indeed been attracted by the proposition. 

Twitter post Omicron scandal

People clicking the link are then pointed towards a fake NHS website where one can apply for a “COVID-19 Omicron PCR test”. 

Recipients must fill in a form with their data (name, date of birth, home address, mobile phone number, and email address), some security questions (i.e., mother’s maiden name), and finalize the procedure by making a payment of £1.24 ($1.65).

Information like name, DOB, home address, mobile/phone number, and email address, and some security questions are asked before finalising the payment.

The fields have been carefully curated to appear legitimate while credentials are stealthily stolen. The debit/credit card details are naturally captured through the small and seemingly innocuous purchase. 

Most countries’ health authorities never ask for financial details in an official email contact.

Authorities in charge are attempting to educate their communities about such issues, but far more needs to be done. 

It is a minor miracle nothing of the sort has yet happened in Australia at scale, though it sometimes feels like it is a matter of time. 

Somewhat humorously, the NHS was forced to publicise that “The NHS will NEVER ask for payment; the vaccine is free and does not require payment”.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.