Counter Fraud Newsletter




Current Fraud Alerts

Be Alert to Phishing Attempts

Reporting Fraud



The NHS Counter Fraud Authority (NHSCFA) currently estimates that the NHS is vulnerable to £1.264 billion of fraud each year. Fraud against the NHS can be committed by anyone: members of staff, patients, contractors, suppliers, medical professionals and external parties such as cybercriminals. Fraud takes taxpayers’ money away from patient care and puts it into the hands of criminals. Everyone has a part to play in fighting fraud. Being aware of the risk and remaining vigilant are the most important first steps, followed by knowing how to report fraud. If you suspect that fraudulent activity may be occurring, please report it at the earliest opportunity to your Local Counter Fraud Specialist.


Current Fraud Alerts

Impersonating a Medical Professional

The NHS Counter Fraud Authority has identified a trend in fraud offences involving the impersonation of medical professionals. A person registers with a bank or agency, meets the identification and qualification requirements and books onto several shifts, but the person who turns up to carry out the work is someone else entirely. These frauds succeed because robust ID checks are not carried out when the person arrives for work; in many cases the impostor deliberately arrives late, so that the pressure to begin work overrides the ID checks that would otherwise be carried out. The NHSCFA reports that in one case an agency nurse booked onto hundreds of shifts across multiple counties, but an unknown number of unqualified people posed as the original nurse and worked the shifts instead. This type of fraud raises significant concerns for patient safety.

The following are some actions that can be taken to reduce the likelihood of such a fraud being successful:

Ensure you are fully assured that any agencies being utilised are undertaking robust pre-employment checks on all individuals, in compliance with the NHS Employment Standards.

During the interview stage, check a form of photo ID for the prospective candidate to ensure the photograph is a true likeness of the person being interviewed. When the person arrives for their first day of work, check their photo ID again to ensure the person who has arrived is the person expected. Be alert to any attempt to conceal their identity, such as refusing to remove a face mask, as this could be an indicator that they are not who they claim to be.

Be vigilant for underperformance and challenge it immediately, to protect patient safety in the event that someone is suspected of impersonating a medical professional.

Mandate Fraud

There is an ongoing need to protect the NHS against mandate fraud. Mandate fraud is a type of fraud in which a criminal contacts an NHS organisation and requests a change to a bank account mandate, such as a direct debit, standing order or bank transfer mandate. The criminal will often pose as a legitimate supplier or contractor, and may provide forged documentation to support the request. The genuine supplier details are usually obtained from a range of sources, including email interception, insider knowledge, social media and open-source research.


Once the mandate change has been processed, the criminal is able to divert payments into their own account, which can result in significant financial losses for the victim. The following are some actions that can be taken to reduce the likelihood of such a fraud being successful:

Be wary of unsolicited requests to change bank account details. If you receive a request from a supplier or contractor to change their bank account details, do not action it immediately. Instead, contact the supplier or contractor directly using the established contact details held on the existing internal record, never the contact details supplied in the request itself, to verify the request.

Check all documentation carefully. If you receive a request to change bank account details, check all supporting documentation before making any changes. Look out for inconsistencies or errors, and be suspicious of documentation that is poorly produced or unprofessional.

Keep your supplier and contractor contact details up to date. This makes it easier to verify any request to change bank account details.

Educate your staff about mandate fraud. Make sure that you and your staff are aware of the signs of mandate fraud and know how to report it.

Record and report every mandate fraud attempt to your Local Counter Fraud Specialist, your Counter Fraud Champion or the NHSCFA, regardless of whether any money has been paid. The more reports that are received, the greater the likelihood that the fraudulent approaches, which often arrive as phishing emails, will be detected. To give some context about the impact your actions could have: for the 2022/23 financial year, the overall financial impact of mandate fraud activity (detected, prevented and recovered) across the NHS and the wider health group was in excess of £34 million, with a substantial proportion of that coming from preventative work undertaken within NHS bodies.


Be Alert to Phishing Attempts

You may remember the July 2023 scam video of Money Saving Expert Martin Lewis on social media. The deepfake footage showed ‘Martin’ sitting in his office and discussing an investment in something called ‘Quantum AI’ which was supposedly associated with Elon Musk. Although the video was quickly denounced as a computer-generated fake, it is a frightening example of the way that criminals are becoming increasingly sophisticated in the ways they target potential victims.

As technology continues to advance, so too do the tactics employed by malicious actors seeking to exploit the vulnerabilities of both individuals and organisations. These scams have evolved into an elaborate web of deception, tailored to deceive even the most cautious among us. Derived from the notion of ‘fishing’ for personal information, phishing has become an umbrella term encompassing several techniques. Each technique carries its own nuances, casting a wide net to extract sensitive information from individuals, such as passwords, financial details or personal data.

So, what do these terms mean and what can we do to protect ourselves against them?

Phishing: Phishing is a method of attempting to gather personal information using deceptive emails and websites. A cyber criminal sends out emails that appear to be from reputable sources, with the aim of convincing individuals to reveal sensitive data such as usernames, passwords or credit card details. These emails often encourage the recipient to visit a fraudulent website, where they are prompted to input their personal data, or to click on a link that installs malware on their computer.

Smishing: Short for ‘SMS phishing’, smishing is a type of fraud that uses mobile phone text messages to lure victims into visiting fraudulent websites, downloading malicious content onto their devices or calling back a premium rate number. Smishing messages often appear to come from a trusted source such as a bank or online service provider and may contain urgent requests for personal or financial information. They may also be threatening, warning of negative consequences if the recipient does not take immediate action.

Vishing: Vishing, also known as ‘voice phishing’, involves the use of telephone calls or voice messages pretending to be from legitimate businesses or authorities to trick individuals into revealing personal, financial or security information. The scammer might use caller ID spoofing techniques to make the call appear to come from a trusted number. Like other types of phishing, vishing preys on people’s trust and fear to deceive them into giving up sensitive information. Examples we have seen of this happening recently are perpetrators claiming to be from HMRC and demanding.

Pharming: Pharming is a cyber-attack intended to redirect a website’s traffic to a fake site. Cyber criminals install malicious code on a user’s computer or on a server (for example by tampering with the device’s hosts file or DNS settings) which automatically directs the user to a fraudulent website, even if the correct URL is entered. The objective is typically to collect personal data, login credentials or credit card data. As the fake website often looks identical to the original, users may not realise the deception until it is too late.

Spear Phishing: Spear phishing is a more targeted version of phishing, tailored to and directed at specific individuals or companies. Spear phishers will often spend time researching their targets to create highly personalised and convincing messages. The goal remains the same: to trick the recipient into revealing sensitive information or to install malware on the target’s network. Due to their targeted nature, spear phishing attacks are often more difficult to detect and therefore potentially more dangerous. An example of this type of attack is a member of an organisation’s finance team being asked, apparently by the owner of the business, to send money urgently, with the payment being made without following up with a telephone call.

Whaling: Whaling is a type of phishing attack that specifically targets high-profile employees, such as CEOs or CFOs, to steal sensitive information from a company. These attacks are typically well-crafted and personalised to the target, making them harder to detect.

Clone Phishing: Clone phishing involves creating an almost identical replica of a legitimate message, with legitimate attachments or links replaced by malicious ones, to trick the recipient into thinking it is the real thing.

The best way we can avoid falling foul of these scams is to ensure we are aware of the risks, educate ourselves on the signs to look out for and be vigilant in both our personal and professional lives.

Some top tips are:

Do not open attachments or click on links within emails from sources that you do not recognise. Even if you do recognise the source, be wary: if you are not expecting to receive an email from them, do not open attachments or click on links.

If you receive an email, inspect it carefully and look at the following:

Hover over any links in the email to check whether the link actually points to the location stated.

Communications from official organisations will generally not request personal information, such as passwords or bank details, via email. If this kind of information is being requested, it may be a scam.

The sender’s email address may be slightly different from the organisation’s usual email address format, for example a letter changed or a number added.

Consider the wording of the email and whether it contains spelling and/or grammatical errors. Emails from official organisations will rarely contain such mistakes.

Compare the sender’s email address with the name in the signature. If they do not match, it may be a scam.

Check that the email is addressed to you. Legitimate organisations will generally address emails to the recipient by name. If the email simply states ‘Hello’ or ‘Dear customer’, it may be a scam.

If you receive a text message asking you to call a number or click on a link, look at the sender. If it is an unrecognised number, or from a source you are not expecting to hear from, it may be a scam.

Never give out your password via any medium. Official organisations such as banks and government agencies will never ask you for your password, whether by text message, email or phone call.

The content of this document is intended to give general information only. Its contents should not, therefore, be regarded as constituting specific advice, and should not be relied on as such. No specific action should be taken without seeking appropriate professional advice.
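As an added example (not code from the newsletter or the NHSCFA), the Python script below applies four of the email checks above to a raw message: a sender domain that differs from a known correspondent’s domain by a changed letter or an added digit, a link whose visible text names one site while its real destination is another (the programmatic form of hovering over the link), a generic greeting such as ‘Dear customer’, and a request for a password or bank details. The trusted-domain list, the two sample messages and the near-miss threshold are assumptions made for the demonstration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this added example: domains the organisation legitimately corresponds with.
TRUSTED_DOMAINS = {"nhs.net", "example-supplier.co.uk"}
GENERIC_GREETING = re.compile(r"^\s*(hello|hi|dear (customer|user|colleague|sir/madam))\s*[,!]", re.I | re.M)
ASKS_FOR_SECRETS = re.compile(r"\b(password|bank details|account number|sort code)\b", re.I)

def levenshtein(a: str, b: str) -> int:
    """Edit distance: a trusted domain with one letter changed or one digit added scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(url_or_address: str) -> str:
    """Lower-cased host of a URL or email address, without a leading 'www.'."""
    s = url_or_address.strip()
    host = s.rsplit("@", 1)[1] if "@" in s else (urlparse(s if "://" in s else "http://" + s).hostname or "")
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs: the two things a user compares when hovering over a link."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw: str) -> list[str]:
    """Return the indicators that fired for one raw RFC 822 message; an empty list means none did."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    # Sender address: not a known correspondent, and worse if it is a near-miss of one.
    sender_domain = domain_of(parseaddr(str(msg.get("From", "")))[1])
    if sender_domain and sender_domain not in TRUSTED_DOMAINS:
        near = [d for d in TRUSTED_DOMAINS if 0 < levenshtein(sender_domain, d) <= 2]
        if near:
            warnings.append(f"sender domain {sender_domain!r} looks like trusted domain {near[0]!r}")
        else:
            warnings.append(f"sender domain {sender_domain!r} is not a known correspondent")
    # The 'hover over the link' check: the visible text names one site, the href goes to another.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        anchors = _Anchors()
        anchors.feed(html_part.get_content())
        for href, text in anchors.links:
            if re.search(r"[a-z0-9-]+\.[a-z]{2,}", text, re.I) and domain_of(href) != domain_of(text):
                warnings.append(f"link text {text!r} but href goes to {domain_of(href)!r}")
    # Generic greeting and requests for secrets, checked on the body text (tags stripped if HTML).
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_subtype() == "html":
        body_text = re.sub(r"<[^>]+>", " ", body_text)
    if GENERIC_GREETING.search(body_text):
        warnings.append("generic greeting")
    if ASKS_FOR_SECRETS.search(body_text):
        warnings.append("asks for a password or bank details")
    return warnings

# Constructed sample messages for the demonstration, not real correspondence.
PHISHING_SAMPLE = """\
From: "NHS Payroll" <payroll@nhs1.net>
Subject: Urgent: confirm your bank details
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,</p>
<p>Your salary will not be paid until you confirm your bank details and password at
<a href="http://nhs1.net/login">https://nhs.net/payroll</a>.</p></body></html>
"""
LEGITIMATE_SAMPLE = """\
From: "Supplier Accounts" <accounts@example-supplier.co.uk>
Subject: Invoice 1234
Content-Type: text/plain; charset="utf-8"

Dear Ms Patel,

Please find our invoice attached, as agreed at last week's meeting.
"""
```

To run it on a real message, export the message from the mail client as a .eml file and pass the file’s text to check_message. An empty result means none of these particular checks fired; it is not proof that the message is genuine, so the advice above about unexpected requests still applies.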


Reporting Fraud

Everyone has a part to play in fighting fraud. If you work for the NHS and suspect any fraud, bribery or corruption against the NHS, please contact your Local Counter Fraud Specialist. Alternatively, contact the NHSCFA 24-hour reporting line on 0800 028 4060, or complete the online reporting form. All reports are treated in confidence, and you have the option to remain anonymous.

0330 058 6559


