Man with laptop and phone

Just as you thought that cybercriminals had exploited every aspect of the pandemic, there are now warnings to beware of fake contact tracer messages.

Contact Tracing in the UK

Here in the UK, NHS contact tracers are now contacting people who are believed to have been in close contact with those who have tested positive for COVID-19. 

The system works by those who test positive completing a form that details where they have been.  Additionally, they must include who they have been in contact with and when.  The NHS tracer then contacts those who are believed to have been in close contact via phone or text.  The person contacted is asked self-isolate for 14 days, the period by which symptoms of an infected person should have shown.

Close contact is defined as face-to-face contact or close proximity for more than 15 minutes. 

This contact tracing service has been put into place before the app. The app is designed to automatically do the same thing but has not been released yet.

Fake Contact Tracer Messages

The type of scam messages that have already been observed by many people was highlighted by Stuart Fuller, Chairman of Lewes Football Club.  On his Twitter page, Mr Fuller shared a screenshot of a text message from fraudsters and warned that such messages are not genuine.  Furthermore, that clicking on the link in the message would lead to a phishing page.

The screenshot showed a text message which had a recommendation for the recipient to self-isolate because they had been in contact with someone who had tested positive for or showed symptoms of COVID-19. 

The message included a link to follow for the recipient to get more information.


On his blog, ethical hacker Jake Davis highlights why there is a problem with the UK government using SMS during COVID-19.  He explains that people are more vulnerable than ever to fake information and SMS messages can easily be made to look as though they come from the government. 

In a blog post, Mr Davis says that making an SMS message appear to come from the government is as simple as inserting “UK_Gov” instead of some digits as the sender.  This makes it quite easy for scammers to send fake contact tracer messages.

Furthermore, with some of the contact tracers making contact via telephone there is worry about vishing attacks.  Whilst the government recommends people check the phone number of the person claiming to be a contact tracer (0300 013 5000), phone numbers can be spoofed. 

What Does This Mean For Your Business?

This and other similar types of smishing, vishing and phishing attacks are predicted to increase this year. Their success and prevalence are a sign of how vulnerable the COVID-19 outbreak makes people feel. Our emotional reactions to information about health and financial matters are playing into the hands of criminals. 

Companies and organisations need to educate their staff about the threat, and individuals need to be vigilant. Use caution with any unusual SMS messages, suspicious emails or unsolicited phone calls. Be particularly wary of those that offer rewards, create panic, warn of unpleasant consequences, or apply a feeling of pressure to act.

Finally, bear in mind that it is relatively easy to fake the source of a text message and although receiving such a message may at first be a shock, it is worth checking that the supposed government/NHS SMS is genuine before thinking about clicking on any links.

Back to Tech News

Lastly, if you would like to discuss your technology requirements please: