chalabala - Fotolia

UK Emergency Alert Test sparks cyber fraud warning

Fraudsters and scammers are likely to use the upcoming test of the UK's new mobile Emergency Alert system as bait in their attacks, while misinformation and conspiracy theories spread

A planned test of the UK’s new Emergency Alert SMS message service has prompted both cyber fraud warnings amid a surge of misinformation regarding the test – set to take place at 3pm on Sunday 23 April.

The national test will see people receive a message on the home screen of their smartphone, along with a sound and vibration alarm lasting up to 10 seconds. For the test, the text will read: “This is a test of Emergency Alerts, a new UK government service that will warn you if there’s a life-threatening emergency nearby.

“In a real emergency, follow the instructions in the alert to keep yourself and others safe. Visit gov.uk/alerts for more information. This is a test. You do not need to take any action.”

The message can be dismissed as one would dismiss any normal notification.

“Getting this system operational means we have a vital tool to keep the public safe in life-threatening emergencies. It could be the sound that saves your life,” said chancellor of the Duchy of Lancaster, Oliver Dowden.

The service replicates to some extent the US’ Wireless Emergency Alert (WEA) system, which is used across the country by federal, state, local, tribal and territorial authorities to send emergency messages from mobile to all mobile devices in a target area.

Besides public safety emergencies, the system is also used by the National Weather Service, the National Center for Missing and Exploited Children, and in the case of an extreme emergency, the president. Other countries operate similar systems.

However, amid a lack of awareness of the test and an uptick in misinformation about it, security experts are warning people to be on their guard against cyber fraudsters seeking to take advantage of it.

Lisa Webb of consumer advice service Which?, said that scammers would use any hook they could think of to try to steal money and personal data. “Unfortunately, the government’s upcoming nationwide test of its new Emergency Alerts system will be no exception,” she said.

“It’s vital anyone who receives the official test alert is aware that no action is required. If you are asked to download an app or provide information, this is likely to be an unscrupulous fraudster trying to trick you and should be ignored at all costs. 

“The government has said it will be including a website link with more information about the alerts in the message it sends out, but it’s worth considering looking this information up separately through the official government website rather than risking clicking on lookalike links from fraudsters.

“People can report any scam calls or texts they receive to 7726. If you or a loved one do fall victim to a scam then contact your bank immediately and report it to Action Fraud,” said Webb.

Pippa Allen-Kinross, news and online editor at independent fact-checking organisation Full Fact, added: “We have seen multiple instances in which bad information about the emergency alert has already been shared thousands of times online.

“Be careful what you share on social media. Misinformation about this alert may lead to unnecessary alarm, and in some instances, may even cause people to opt out of future alerts – as many online have claimed they already have – based on incorrect information.”

The Full Fact team has found multiple instances of misinformation and several conspiracy theories about the test circulating.

Among some of the myths being spread are:

  • That the emergency alert will access personal data. This is untrue.
  • That it will match personal data with information collected through venue check-ins during the Covid-19 pandemic or the Covid-19 contact tracing app. This is untrue because since the alert does not collect data it is not technically possible – note additionally that the NHS Covid-19 app did not collect or share personal information, its alerts were based on physical proximity of devices.
  • That it breaches GDPR. This is untrue because receiving it is based on the physical fact of a device coming within range of a mobile phone mast and not its number – your mobile phone provider has not shared your number with the government to set up the system.
  • That it is a signal to activate lethal pathogens in Covid-19 vaccines. This is untrue, and a particularly dangerous lie spread by irresponsible, deluded fantasists. Al Edwards, associate professor of biomedical technology at the University of Reading, commented: “There is no mechanism known to physics or biology that could connect radio signals set by mobile phone data systems, to the biological or chemical materials found in vaccines.”

Concern for victims of domestic abuse

The scheduled test has also raised red flags for organisations working to safeguard individuals at risk of or experiencing domestic abuse or violence.

Many such people, women and men, have burner phones concealed from controlling partners or relatives, which could cause problems if they were to make a sudden noise, as planned.

Emma Pickering, senior operations tech abuse manager at charity Refuge, said: “These alerts will come through as a loud siren even if devices are on silent, and could alert an abuser to a concealed device.”

Fortunately, it is possible to opt out of the national test either by navigating to the device’s settings and turning off Emergency Alerts, or by switching the device off altogether.

“Refuge’s Technology-Facilitated Abuse and Economic Empowerment Team have put together two videos on how to turn these alerts off, both on Android phones and on iPhones for anyone that is concerned that these alerts will put their safety at risk,” said Pickering.

“We want to ensure as many survivors as possible know how to ensure these alerts are turned off on their hidden devices. We have more information on securing your devices – for example, your location settings or privacy settings – on refugetechsafety.org,” she added.

The government has also worked together with emergency services and partners including the Football Association and London Marathon to ensure minimal impact on events taking place on 23 April.

It is also warning anybody driving at the time of the test not to respond to it or activate their devices to dismiss it. The normal rules regarding the use of mobile phones behind the wheel continue to apply. Any manipulation of your mobile device behind the wheel, whether your vehicle is stationary or not – except in exceptional circumstances – is an offence that carries six driving licence penalty points, a £200 fine, and the possibility of a driving ban.

Read more about fraud

Read more on Hackers and cybercrime prevention