I’m concerned that fraudsters will disguise themselves as the NHS Test and Trace Service, and trick people into giving over sensitive personal information – and maybe even some money.
The Government’s top medical advisers, however, seem to think that it will be obvious if a caller is a scammer or not, because scammers won’t sound “professional”.
Obviously that’s a ridiculous claim, and could give the public a false sense of confidence.
So how could we better protect people from giving information in response to fraudulent SMS texts and phone calls? How could we stop them visiting a bogus link that pretends to be the NHS Test and Trace site, but is really intent on scooping up their data?
Well, maybe Coronavirus test and trace schemes could learn something from banks.
Banks don’t just keep an eye open for phishing sites posing as their domains. They also give you a bank card, and on the back of it is a phone number you can ring if you ever need to speak with them.
That way, if someone rings you up out of the blue claiming to be your bank, you can say “thank you very much, I’ll call the bank to confirm you’re not a fraudster”.
One thing the UK Government could have done – aside from using advertising and publicity – is write to every household, giving each home a card to stick up in the kitchen (next to the Barnard Castle fridge magnet) that tells us the name of the real website to visit and a phone number we could call if we are contacted by a tracer.
It doesn’t stop fraud 100%. Some people still wouldn’t go to the legitimate website, or would be socially engineered into giving their details to fraudsters posing as the NHS Test and Trace scheme.
But it’s probably a better way of ensuring everybody in the country has the correct information about what to do – if they receive a call from a supposed Covid-19 tracer – than anything else the Government is currently doing.