UK fears cyber criminals will use NHSX COVID-19 tracing app to launch cyber attacks

UK fears cyber criminals will use NHSX COVID-19 tracing app to launch cyber attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep their information safe from hackers.

This is according to a study carried out by Censuswide on behalf of Anomali, a leader in intelligence-driven cybersecurity solutions. The nation-wide survey, released today, examined consumer attitudes to the proposed tracing app, particularly their confidence and wider trust in the government to appropriately and justly handle the data collected for the scheme.

Other major findings from the report include:

  • Around 43% of respondents were concerned that the app would give cyber criminals the opportunity to send smishing messages or phishing emails.
  • Yet, only half (52%) felt they were savvy enough to differentiate between a legitimate email or text message and a phishing/smishing message.
  • A further third of respondents (33%) are concerned that the app might allow the government to track their whereabouts.
  • Over a third of respondents (36%) are concerned that the app might allow the government to collect data on them.

According to the NHS website: “Contact tracing is a tried and tested method used to slow down the spread of infectious diseases. The NHS COVID-19 App automates the process of contact tracing. Its goal is to reduce the transmission of the virus by alerting people who may have been exposed to the infection so they can take action to protect themselves, the people they care about and the NHS.”

The first phase of the initiative was piloted in the Isle of Wight earlier this month for testing before proposing a national launch. This study set out to gauge the trade-off between privacy and the “greater good” and what people’s comfort levels are when it comes to the government tracking them. Though many demonstrated concerns over the government tracking them via the app and even more respondents unsure about the government being able to keep their information safe from hackers, there was also apprehension about being targeted by opportunistic cybercriminals; and rightly so.

“At this stage, nobody knows where to get the NHSX app from, so it can be reasonably expected that consumers will be faced with floods of emails with bogus links to convincing looking domains to download the app from,” Jamie Stone, head of EMEA at Anomali, posited.

He explained that the link will simply be a web page that will ask people for more personal information than the genuine app and the information could be used in future attacks against the individual. Stone also warned over an increase in people being targeted by mobile phone communications.

“There is also the danger of smishing attacks; similar to a phishing attack, but the phish is done via SMS message,” he said. “Due to the smaller screen real estate, people will be less able to check the veracity of the link so will be more trusting and might click it.”

With thousands more domain registries for COVID-19 noted by Anomali over the past few months, the public will have to be extra vigilant when it comes to what they download or click.

“It’s tough to predict the increase in the volume of attacks we’ll see. However, we’re already seeing thousands of rogue and spoof COVID-19 domains being registered and used in attacks,” Stone explained. “Global interest around the virus, and each nation’s track-and-trace apps, means that attackers will likely use many of these domains to host phishing attacks via both email and SMS. People using COVID tracking apps need to be extremely vigilant and aware, ensuring that they’ve installed official government apps and that they are interacting with authentic messages from the agencies.”

The survey was carried out between 7th and 11th May by Censuswide among 1000 UK consumers.

Copyright Lyonsdown Limited 2021

Top Articles

teissTalk: Cyber Policy & Supply Chain Resilience

On 15 April, teissTalk host Geoff White was joined by a panel of four cyber security experts to discuss keeping supply chains cyber secure and resilient.

teissTalk: Malicious or Non-Malicious? Tackling the Remote Insider Threat

On 13 April, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity professionals to discuss insider threats, especially the threat posed by remote workers.

Meet the teissTalk Hosts - The state of cyber crime in 2021

Social engineer Jenny Radcliffe and investigative journalist Geoff White, the joint hosts of teissTalk, introduce themselves

Related Articles