How this new COVID-19 Passport email is hacking computers of HR departments’ employees

In a new online scam, a group of cybercriminals is posing as an IT services agency to send thousands of phishing emails containing a link to apply for a supposed “Coronavirus Digital Passport.” This link redirected users to a fake National Health Service (NHS) platform and was intended to collect confidential information.

The hackers posed as Concept Resourcing, a UK-based company to offer a digital passport to prove they had taken the COVID-19 vaccine. The phishing platform used by the hackers has already been removed.

The company whose name was usurped detected the scam and began implementing a contingency plan, advising users to ignore any communication with this hacking group and not click on these malicious links.

On September 15, the company began sending security alerts to confirm that its email servers had been compromised, which resulted in dozens of candidates and clients receiving this phishing message: “This message is not genuine and is part of a complex phishing scam that uses our email address for malicious purposes,” the company stated.

Subsequently, a representative of Concept Resourcing noted that the firm is working in collaboration with its email service provider and cybersecurity specialists in order to determine the causes of the incident and mitigate its potential impact: “We take steps to notify those affected from the moment we detect anomalies, in addition to hiring external cybersecurity consultants. The investigation is ongoing and we will reveal more details as soon as it is relevant,” the representative concluded.

The increase in online scams is just one more of the undesirable consequences that the pandemic has brought. Action Fraud, the UK’s fraud prevention and care agency, notes that as of June 2021, at least 700 reports of coronavirus-related scams, vaccines, health records and other topics had been filed.

The emails used by hackers contain information supposedly related to health and government agencies, since they know that users usually pay special attention to these issues and this gives them more chances of success.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.