Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Beware Of This Active UK NHS COVID-19 Vaccination Phishing Attack

Beware Of This Active UK NHS COVID-19 Vaccination Phishing Attack

A very active phishing campaign is underway pretending to be from the UK’s National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine.

Today, numerous Twitter users began reporting that they received this phishing email, with some being in the right age group to be eligible and thus falling for the scam.

There are multiple variants of the phishing emails, but they all claim to be from the NHS at [email protected] (the real NHS domain is and use mail subject similar to “IMPORTANT – Public Health Message| Decide whether if you want to be vaccinated.”

The phishing email, shown below, asks the recipient if they want to accept or decline the invitation to schedule their COVID-19 vaccination.

Also Read: 10 Practical Benefits of Managed IT Services

UK NHS COVID-19 vaccination phishing email 
Source: Twitter

Regardless of the button selected, the recipient will be brought to a fake NHS site stating that they were chosen for the vaccination based on their medical history and genetics.

“The NHS is performing selections for coronavirus vaccination on the basis of family genetics and medical history. You have been selected to receive a coronavirus vaccination,” the phishing landing page reads.

Phishing scam landing page

The recipient will again be asked to accept or reject the invitation, but regardless of the button entered, they are pushed through a series of pages asking for personal information. This information includes the person’s name, mother’s maiden name, address, mobile number, credit card information, and banking information.

Phishing page collecting information from the victim

Once this information is submitted, the phishing page will state that the application is confirmed and that the NHS will contact the person to schedule the appointment.

After a few seconds, the page will redirect the browser to the real NHS site at

NHS will never require this info for a vaccine

To help people spot NHS COVID-19 phishing scams, the NHS tweeted today that the vaccine is free of charge and that they will never ask for bank account info or copies of personal identification documents.

The NHS has created a webpage explaining how people will be contacted to receive the COVID-19 vaccination and spot a scam.

It is also important to remember that the NHS’ website is at and not in the format of or, like other UK government websites.

If you mistakenly submitted your information as part of this phishing scam, you should assume that your information will be used by the threat actors for identity theft or other malicious purposes.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

To be safe, the UK Information Commissioner’s Office (ico.) recommends that people perform the following steps:

  • Report all lost or stolen documents, such as passports, driving licences, credit cards and cheque books to the organisation that issued them.
  • Inform your bank, building society and credit card company of any unusual transactions on your statement.
  • Request a copy of your credit file to check for any suspicious credit applications.
  • Report the theft of personal documents and suspicious credit applications to the police and ask for a crime reference number.
  • Contact CIFAS (the UK’s Fraud Prevention Service) to apply for protective registration. Once you have registered you should be aware that CIFAS members will carry out extra checks to see when anyone, including you, applies for a financial service, such as a loan, using your address.

    CIFAS – The UK’s Fraud Prevention Service
    6th Floor
    Lynton House
    7 – 12 Tavistock Square
    WC1H 9LT

BleepingComputer also suggests that victims be on the lookout for targeted phishing scams that utilize this information to try and gain access to your online accounts or other information.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us