Covid-19 SMS Scam Text Messages – How To Identify Scam Text Messages

As the coronavirus vaccine rolls out, Covid-19 scam text messages are on the rise. Attackers are attempting to take advantage of people’s ‘mental state’ to steal their data and money.


It all started when the pandemic began to spread around the world. AdaptiveMobile Security’s Threat Intelligence Unit reported a rise in Covid-19-related SMS text spam attacks. Fraudsters were selling fake prevention and cures. Then, as soon as many governments across the English-speaking world announced various Covid-19 financial reliefs and benefits, attackers used this information to commit cybercrimes.

It is not surprising that as soon as the coronavirus vaccines were announced, scammers seized this moment to attempt to perpetuate their exploits. That’s why, in the last few months we have seen an increase of these types of messages. Attackers offer a vaccination date by registering and entering personal data such as the person’s name, PPS number, date of birth and address.

In this post, we explore the structure of a spam text message and how subscribers can protect themselves from falling victim of text scam messages.

What is a scam message?

Let’s start by describing what is a scam text message or “smishing”. It describes any fraudulent message sent with the intention to obtain people’s data and money. These types of messages follow two basic principles: firstly, they are unsolicited messages and secondly, they are messages with a malicious purpose.

Scammers look to obtain something that may be of value to them. For example, your online banking information or your email address. With these details, the attackers seek to generate a database that they can then use to generate campaigns and develop a series of illicit activities to defraud enterprises and individuals. Making a profit is the main objectives of the fraudsters.

Why are Covid-19 scam text messages increasing?

The answer is simple, a text message is a direct method to target people and it is also one of the most effective communications channels. Attackers are aware of that; they also know that people are expecting to book a vaccination date soon. All this creates the perfect situation for the perpetrators to commit their attacks.

Also, as we are all using more and more on-line services and many people continue to re-use credentials (usernames and passwords) across multiple services. This represents a great opportunity for attackers to access many services. It results in even worse consequences when the service compromised is part of the security process of other services e.g., email – which enables password reset messages for other services to be intercepted.

How are scam text messages carried out?

When you think of SMS spam attacks you might envision a sophisticated gang of cybercriminals behind it, but the reality is that this is not always the case – there can be situations where these attacks are carried out by individuals using equipment as simple as SIMBank to commit their crimes. Take for example this case recently reported by the BBC in the UK.

“The equipment shown -SIMBank- can easily send hundreds of thousands of messages and, with attacks often associate with and timed to prey upon a current topic, they can be very damaging to anyone who falls victim to it”, Simeon Coney highlighted.

How to work out if a text message you receive is legitimate?

In order to create awareness and avoid people from falling victim to scam messages, we asked our CSO, Simeon Coney, to explain how can you as the recipient of a text message know if the message you receive is legitimate.

Simeon outlines that there are two parts of a message that you need to consider:

  • Who is the message from
  • And what are they asking you to do?

Knowing who a message is from sounds simple. Unfortunately, some attackers have worked out how to send spam text messages that look like they come from companies that you trust. For more information on this have a read of our blog on attacks against banking customers.

BOI scam text message

So, just because you recognise the name, or the number, or if your phone has put the message into the same thread as other messages from that source – that doesn’t mean the message is safe.

Coney continues, there are typically one of three things you would be asked to do:

  • Click on a web link
  • Call or Text a phone number given
  • Call or Text back the number who sent the message

Scam text messages with web links

Scam text messages with links can be very effective because they require less effort from the recipient. All you have to do is tap on the link in the message. This will either open a web page or an app on your phone. However, it is important to always look carefully as links can be of many different types.


Links to be aware of and which can be dangerous include:

  • Ones that mention the source or brand name, but have words added to the website address, or have the brand name at the start.

sms scam with brand name and fake url

  • Others that don’t mention the brand name in the URL but include it in the content of the message.

NHS covid spam message


Official NHS URL:

NHS url covid vaccine

As soon as you land on this website, you will notice that the website is insecure. When you look at the address bar you will notice the warning icon before the URL.

scam message with link

Although, the fraudsters did a good job by matching the look and feel of the real NHS website; it has the real logo, same brand colours, etc. But you will probably be suspicious when you look at all the personal details that it asks you for, such as proof of address and a payment card details.

NHS fake website - scam texts with links

The Covid-19 vaccine is free of charge so none public health organisation will ask you for either your bank / card details, pin or any copy of your personal documentation such as your passport.

  • Other website links to be careful of (and aren’t always bad) are Short URLs – ones that look like this:

Short URL Scam message

Even what looks like legitimate URLs can be used to redirect you – that is make your browser hop to another site (e.g., an Amazon, Google or Microsoft link) – so please check what is showing at the top of your browser screen in the address bar:

text spam fake url

If in doubt, firstly go to the website / care provider you know, NOT the link in the message, or the sender of the message. They should have information there indicating they’re now sending out messages.

Or call them on a number that you know is legitimate.

If the website looks really suspicious – you can test it at Google Safe Browsing Site checker and this will show you if the site is known to be good or bad.

Google Safe browsing site status
What are telcos doing to stop text message scam?

Many telcos have invested in SMS firewalls to stop scam text messages from being delivered to their customers. As the volume of attacks increases every day and attackers change techniques and sources to launch their attacks from, a firewall alone doesn’t prevent these types of attacks.

Mobile network operators need an advanced messaging traffic analysis & network security platform in combination with real-time threat intelligence to protect their subscribers, brands’ reputation and revenues ( including A2P monetization). For more information on how we can help MNOs, CPaaS providers and aggregators to protect their subscribers, please visit our page about SMS Messaging Protection.

Related insights

Infosecurity Magazine logo

Cyber-criminals Exploit Cloud Storage for SMS Phishing Scams

Read more

Tags: SMS scam

Enea in Mobile Europe

Cyber-criminals using AWS, Google and IBM services to steal data by SMS

Read more

Tags: SMS scam

Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data 

Read more

Tags: SMS scam

gsma logo

Establishing MoTIF: The Mobile Threat Intelligence Framework

Read more

Tags: Mobile Security

The fast mode

Enea, Zain KSA to Pilot World’s First Mobile Network Signaling Overlay Technology

Read more

Tags: Mobile Security