A good friend reached out earlier this morning to let us know they had been caught by a phish. This is a really impressive one and a reminder that the right phish at the wrong time can catch anyone. This friend is very tech savvy, so it's a stark warning that we can all be susceptible to these increasingly convincing scams.
They were due to travel next week and so the timing of this phish was unfortunate. It felt to them like it was something they were likely to receive, and all of the news about vaccine passports lent legitimacy to the scam.
When they clicked through the email and were taken to the criminal website, the site asked for details such as name, date of birth, mothers maiden name, and credit card details.
It is worth noting that both Google and Virus Total did not mark it as suspicious. It has now been submitted to Virus Total and will be distributed by Palo Alto, if you use another vendor it will be worth submitting to those too.
Below are a few screenshots of both the email and the website.
Remember that if you receive an unexpected email that asks you to click a link or download an attachment, it's always best to check with the supposed source rather than clicking in the email itself.
Be sure to add the address (not included here for safety, but you can see it in the last screenshot) to any block lists and remember to report any suspicious emails/texts to both your IT team and/or to the NCSC report a phish page.