Phishing emails – don’t let the fraudsters reel you in!

Advice and tips on how to spot these emails and protect the CCG from viruses…

Our local counter fraud officer has informed us of various suspicious emails circulating around the NHS at the moment.

Phishing is the name given to the practice of sending emails pretending to be from a genuine source to trick you into disclosing information.

Most of us receive dozens of new emails a week, at work and on personal email addresses. Some of these emails are asking for personal information and in return offering you something that appears too good to be true. If this is the case, then it probably is!

Many will ask you to verify or confirm your account details or personal information. This is just one method used by criminals to steal your identity and/or money fraudulently. Another outcome may be the emails contain a virus that will harm your computer and the organisation’s systems or are a hoax used to con and exploit you.

5 ways you can prevent becoming a phishing victim

1. Check the email ‘from’ field

Some emails may look like they’ve come from a genuine company or trusted colleague, but this may not be the case. The name which appears in the ‘from’ field doesn’t necessarily come from that source and is easy to fake. Check the exact wording and spelling, as the finer detail may be inaccurate and give you a clue the email is bogus.

2. Urgent emails from a senior manager

Look out for emails from senior members of staff instructing you to take unusual urgent action on something. This is more likely to ring alarm bells if they are asking for some kind of payment. You should never act on these requests. Seek confirmation with that person by talking to them or contacting them through other means. Don’t reply directly to the email.

3. Legitimate companies usually call you by your name

If you receive an email with a generic greeting, such as ‘Dear valued customer…’, it was probably sent out as a large batch. It is also likely they do not know your real name or anything about you.

4. Legitimate companies don’t request your sensitive information via email

A legitimate company would never ask you to reveal or verify your password via email. Never click directly onto the link on emails from any company. Always open your web browser and type in the address yourself as the email link is likely to take you to a false site.

5. Don’t take any chances!

Always ignore and immediately delete any suspicious emails. Don’t open them or click on any of the links provided.

Examples of phishing emails and how to spot them

View examples of the phishing emails and how to identify them by scrolling through the online gallery.

Support available

If you have any concerns or queries, please email Eleni Gill, the CCG’s Local Counter Fraud Officer or call 07827 308906.