We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Phishing is one of the most common tactics employed by hackers, requiring little effort and generally preys on the less cyber-aware. It's also the most common way for organisations to suffer a cyber attack.
About the phishing training
Our simulated phishing training has been developed to raise awareness of phishing emails amongst health and care staff. It's been created in response to the National Data Guardian’s review to raise public confidence in the security of their personal information.
The training is available upon request to organisations across the health and social care sector.
How it works
The training consists of a simulated phishing email, which is sent to staff within your organisation. A link within the email will take them through to an animation on how to spot the signs of a phishing attack, to increase their understanding of what to look out for in the future.
The phishing simulation will run for 2 weeks. After the simulation has finished we will provide you with a report on the actions your staff took.
We will also provide a link to the animation, which you can share with your staff.
Best practice recommends that organisations perform phishing simulations every 6 months. Your first phishing simulation will provide you with a baseline for how successful the simulation was. Future simulations will allow you to identify how well your staff have performed against the initial baseline.
How to register
Complete this form to register for the simulated phishing email training, or to request additional future training.
Our non-NHSmail simulated phishing pilots have now ended and we are currently considering our service offering. If you would like to be notified when a simulated phishing service for non-NHSmail organisations is available, please register your interest by contacting email@example.com.
NHS Digital’s Data Security Centre acts as a data processor. We have direction (s.254 of Health & Social Care Act 2012) to process this information under the Health and Social Care Act 2012. You can email us at firstname.lastname@example.org for further information.