Brits fear cybercriminals will use NHSX COVID-19 tracing app to launch cyber attacks

New poll from Anomali shows 33% of respondents it spoke to are concerned that the app might allow the government to track their whereabouts – and about the same number are concerned the app might allow the government to collect data on them

Posted 27 May 2020 by Gary Flood

Nearly half (48%) of the UK public just surveyed about the proposed NHSX COVID-19 tracing app do not trust the government to keep their information safe from hackers, according to a study carried out by market researchers Censuswide on behalf of Anomali, a Cybersecurity firm working in the field of intelligence-driven cybersecurity solutions. 

The nationwide poll, released today, examined consumer attitudes to the proposed tracing app, particularly their confidence and wider trust in the government to appropriately and justly handle the data collected for the scheme. 

Anomali says it wanted to gauge the trade-off between privacy and the “greater good” and what people’s comfort levels are when it comes to HMG tracking them.

Fears about the tracing app seem to be about evenly split between concerns over the government tracking them via the app and respondents saying they were “unsure” about the government being able to keep their information safe from hackers.

Other major findings from the report include:

  • Around 43% of respondents were concerned that the app would give cyber criminals the opportunity to send smishing messages or phishing emails
  • Only half (52%) felt they were savvy enough to differentiate between a legitimate email or text message and a phishing/smishing message
  • A further third of respondents (33%) are concerned that the app might allow the government to track their whereabouts
  • Over a third of respondents (36%) are concerned that the app might allow the government to collect data on them.

According to the NHS website: “Contact tracing is a tried and tested method used to slow down the spread of infectious diseases. The NHS COVID-19 App automates the process of contact tracing. Its goal is to reduce the transmission of the virus by alerting people who may have been exposed to the infection so they can take action to protect themselves, the people they care about and the NHS.”

The first phase of the initiative was piloted in the Isle of Wight earlier this month for testing before proposing a national launch.

“At this stage, nobody knows where to get the NHSX app from, so it can be reasonably expected that consumers will be faced with floods of emails with bogus links to convincing looking domains to download the app from,” Jamie Stone, head of EMEA at Anomali, states. 

“There is also the danger of smishing attacks, which are similar to a phishing attack, but the phish is done via SMS message,” he adds. “Due to the smaller screen real estate, people will be less able to check the veracity of the link so will be more trusting and might click it.”

With thousands more domain registries for COVID-19 noted by Anomali over the past few months, the public will have to be extra vigilant when it comes to what they download or click, the firm is warning.

“It’s tough to predict the increase in the volume of attacks we’ll see. However, we’re already seeing thousands of rogue and spoof COVID-19 domains being registered and used in attacks,” Stone warns. “Global interest around the virus, and each nation’s track-and-trace apps, means that attackers will likely use many of these domains to host phishing attacks via both email and SMS.

“People using COVID tracking apps need to be extremely vigilant and aware, ensuring that they’ve installed official government apps and that they are interacting with authentic messages from the agencies.”

The survey was carried out between 7th and 11th May by the polling company among 1000 UK consumers.