The coronavirus health crisis has been a highly lucrative enterprise for scammers and cybercriminals. Although topics surrounding the pandemic have been heavily exploited for nearly two years, recent developments such as the appearance of the new COVID-19 variant have spurred additional global cybersecurity risks for individuals.
While phishing attacks citing the Omicron variant have already been reported targeting UK residents, the latest scam campaign caught by Bitdefender Antispam researchers targets a larger audience overseas.
This swindle uses Omicron to scare US citizens into ordering newly developed test kits that allegedly detect the variant. Unlike the UK version urging recipients to order PCR test kits via the NHS portal, scammers have upgraded their tactic in an attempt to throw Americans off the trail.
The message does not require users to access a link. It gives recipients a US-based telephone number to order test kits. The message, posing as an official US Department of Health and Human Services notification, also threatens those who refuse to take the new tests with a mandatory 10-day isolation period.
Scammers seem to have copy-pasted some of the text used in the UK version, adding a separate paragraph containing a list of Omicron symptoms.
“Common symptoms include Fever, Cough, shortness of breath & Breathing Difficulties,” the bogus email reads. “Sometimes you will not be able to recognize that you are affected by the virus.”
Both UK and US versions originate from IP addresses in the US and seem to be the product of the same cybercriminal group. Depending on the evolution of the health crisis and the geographical spread of the new variant, our researchers expect more localized phishing emails to crop up in coming weeks.
Individuals who are duped into calling the number will most likely end up speaking directly to the scammers, who plan to trick them into handing over personal information including their credit card details.
We advise all users to remain vigilant and not fall for this or any similar solicitations regarding the acquisition of Omicron tests. Never provide sensitive data or financial details via unsolicited phone calls, emails or text messages, and report any suspicious activity to local law enforcement offices.