top of page

Public urged to report COVID vaccine email scams

The public are being urged to forward any suspicious emails relating to the COVID vaccine to the National Cyber Security Centre (NCSC), as criminals are using coronavirus vaccines as a lure to obtain personal and banking details.

Following reports that criminals are using the vaccine to lure people into sharing personal details, the NCSC – which is a part of GCHQ – are asking people to send emails they were unsure of to its to Suspicious Email Reporting Service (SERS). The NCSC are encouraging people to be particularly vigilant against messages asking for financial or personal details and reminded the public that the vaccine is completely free. Sarah Lyons, NCSC Deputy Director for Economy and Society, said: “Cyber criminals’ use of the vaccine to trick people into sharing their financial or personal details is just their latest shameless attempt to exploit fears over the pandemic. “The good news is our that Suspicious Email Reporting Service is here to help keep people safe from exactly these kinds of scams. “The NHS will never ask for bank details or payments and we would urge anyone who receives an email like this to forward it to our reporting service – doing so could help protect you and prevent future victims.” People can report suspect emails to the Suspicious Email Reporting Service simply by forwarding them to All emails forwarded to the service are analysed and if they are found to link to malicious content, it will be taken down or blocked, helping prevent future victims of crime. Anyone receiving a suspicious text message can forward it to 7726. This free-of-charge short code enables the provider to investigate the origin of the text and take action, if found to be malicious. As well as encouraging people to use the SERS, the NCSC urged the public to be aware of the following points in relation to the vaccine:

  • The vaccine is completely free of charge.

  • The NHS will never ask you for your bank account or card details.

  • The NHS will never ask you for your banking PINs, passwords or passcodes, nor will they ask you to login to your online or mobile banking in order to make a payment.

  • The NHS will never arrive unannounced at your home to administer the vaccine.

  • The NHS will never ask you to prove your identity by sending copies of personal documents such as your passport, driving licence, bills or payslips.

Further info If you believe you’ve fallen for a scam, contact your bank immediately on a number you know to be correct, such as the one listed on your statement, their website or on the back of your debit or credit card. People can report suspect emails they’ve received but not acted upon to the SERS, simply by forwarding them to Those who have provided personal or financial details, or transferred any money as a result of a suspicious email, should report what has happened to Action Fraud as soon as possible by calling 0300 123 2040 or visiting For further advice on how to deal with suspicious emails, phone calls and text messages – including how to spot the most obvious signs of a scam and what to do if you’ve already responded – please visit the NCSC’s website: Criminals are experts at impersonating people, organisations and the police. They spend hours researching you for their scams, hoping you’ll let your guard down for just a moment. Stop and think. It could protect you and your money.

  • Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.

  • Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.

  • Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page