
Guidance on phishing emails

Find out how you can stay safe and vigilant against phishing emails, including advice on how to spot a suspicious email and how to report it.

Coronavirus phishing emails

We've recently seen a number of examples of coronavirus (COVID-19) related, malicious cyber activity. 

These include:

  • advance fee fraud (where someone asks for payment in advance for goods and services)
  • phishing emails (where an email includes a link to a malicious website)
  • emails with attachments containing malware

Various campaigns impersonate, or claim to come from, organisations such as the World Health Organisation (WHO), the UK Government (GOV.UK) and HMRC, amongst others. There are also examples of fake websites that impersonate NHS organisations and contain malware (including ransomware).


What you need to do

Whilst the Data Security Centre works to block these threats before they reach individuals, it's inevitable that some do get through. It's essential that all staff remain vigilant, particularly during the current period of uncertainty and anxiety around coronavirus, and take the necessary precautions to protect their organisations and ultimately, patient data.  

We would advise: 

  • Be suspicious of emails that ask you to check, renew or share your logins or passwords
  • Don’t open attachments or click on links in emails without first establishing they are legitimate – for example, were you expecting to receive the email?
  • Hover over links (without clicking) to see if the link looks legitimate – in many basic phishing attempts, the actual link differs from the one you see in the email
  • Check the source of the email – do you know the sender?  Be wary if not, and try to verify the sender
  • If the content of the email tries to persuade you to do something that seems too good to be true, it probably is
  • If the email claims to be from an official source, it will likely have graphics and images.  Do they look legitimate? An official source will never ask you to share personal details or login credentials
  • Check for spelling and grammatical errors in emails – these are often a tell-tale sign of spam
  • If in any doubt, contact your ICT team for advice

Contact us

If you're an NHSmail user and you receive a suspicious email, you can report it using the “Report Phishing” button on the ribbon within Microsoft Outlook, or forward the email as an attachment to [email protected]

Non-NHSmail users should follow the process for reporting spam emails in their organisation.

For further advice, please contact the Data Security Centre by emailing [email protected].

Last edited: 16 November 2021 4:46 pm