Scammers are opportunists of the worst kind.
Unfortunately, they are out there trying to extort money from people by preying on their weaknesses, vulnerabilities, and fears. Scams are not new of course, people have been at it for years trying to tell you that your computer is at risk if you don’t let them fix it over the airwaves and paying them for it, and we all remember those calls ‘about your recent accident’ etc. Not surprisingly the scammers quickly latched on to the current pandemic and people’s fears about catching the Covid-19 virus.
If you are using the NHS Test & Trace system and / or the NHS Covid-19 app (and especially if you’re not!) take care when you are contacted by someone who is trying to get more information out of you than they should.
Key points to note about how NHS Test & Trace contact you:
If NHS Test and Trace calls you by phone, the service will be using the phone number 0300 013 5000
All texts or emails will ask you to sign into the NHS Test and Trace contact-tracing website
Contact tracers will:
- call you from 0300 013 5000. Local contact tracers will contact you from a local council number. If you are unsure if this is genuine, hang up and contact your local council for advice – they should be able to tell you what numbers they are using
- send you text messages from ‘NHStracing’
- ask you to sign into the NHS Test and Trace contact-tracing website – https://contact-tracing.phe.gov.uk – check links before clicking on them
- ask for your full name to confirm your identity, and postcode to offer support while self-isolating
- ask about the coronavirus symptoms you have been experiencing
- ask you to provide the name, telephone number and/or email address of anyone you have had close contact with in the 2 days prior to your symptoms starting
- ask if anyone you have been in contact with is under 18 or lives outside of England
Contact tracers will never:
- ask you to dial a premium rate number (for example, those starting 09 or 087)
- ask you to make any form of payment or purchase a product of any kind
- ask for any details about your bank account
- ask for your social media identities or login details, or those of your contacts
- ask you for any passwords or PINs, or ask you to set up any passwords or PINs over the phone
- provide medical advice on the treatment of any potential coronavirus symptoms
- ask you to download any software to your PC or ask you to hand over control of your PC, smartphone or tablet to anyone else
- ask you to access any website that does not belong to the government or NHS – these will always begin https:// (indicating a secure link) and include either ‘.gov.uk’ or ‘.nhs.uk’. If you look in the address bar when you access a site you should also see a little padlock on the left hand side of the address – clicking the padlock will give you more information on the security of the site.
People that are trying to scam you may ask you to ‘act urgently’ or emphasize that you or your family / friends will be at risk. They may be trying to sell you testing kits or offer testing facilities, ‘cures’, or vaccinations. They will be trying to get you to either pay for something over the phone (which means they can take a payment and they then have your card details) or getting information about you that they can use to get money in the future, hack your social media accounts, bombard you with advertising or anything else they can think to use it for.
Emails try to do the same thing – avoid clicking links in emails and go to a website directly, don’t be fooled into buying remedies, cures, or vaccinations.
If you are contacted just make sure you STOP, THINK, CHECK
STOP – the scammer will make the call or email sound urgent and that you must act at once – don’t!
THINK – has the call come from the number given above? Is the email address valid? Does the call or email want you to give over lots of personal details? Are they trying to sell you something?
CHECK – If you are unhappy about anything about the call or email take time to check out the number / email address / details you are given.
You can find more information here:
Sam Linton is a data protection professional and a GDPR Practitioner. Contact for Data Protection advice and services – firstname.lastname@example.org