TIAA Anti-Crime Specialists continue to receive reports of phishing emails sent to NHS staff on a daily basis, including to or the organisation’s email accounts.

Fraud Alert Phishing email 1

  • The email above looked as if it had been sent from a genuine email address.
  • The second example below was entitled “NHS – Action Needed” and was sent to NHS mail users purportedly from the NHS Support Team.

Fraud Alert Phishing email 2

  • Clicking on the links in both emails could have downloaded malware onto the device to gain access to personal usernames, passwords and the organisation’s data.
How to protect your organisation from fraud:
  • Check for spelling mistakes or grammatical errors in the email, including in the sender’s email address.
  • National guidance is to report all phishing emails to:
  • Stop and think before replying or clicking on a link. Are you expecting the email?
  • Question the source of the email if you think it isn’t genuine. Never be rushed into responding.
Action Required

This alert provides information and advice to NHS employees about fraud and economic crime and the risks associated with it. Do not click on any links within the emails and do not enter any username or password. If you have done this, change your NHS mail/other email password immediately. Contact your organisation’s ICT Team for further guidance to ensure your device, and personal and work information are kept safe.

For further discussion and support, including fraud awareness training services, please contact us