Protecting your organisation from email scams

You will have read last week about reports that care providers have seen a rise in scam emails. Alongside the National Cyber Security Centre, we’re offering support and advice about what to look out for.
These attacks are known as phishing emails, where criminals impersonate an individual or an organisation to gain private information. Among businesses and charities that reported a cyber security breach or attack last year, around 80% experienced phishing attacks.
Digital Social Care’s Katie Thorn tells you what you need to know about email scams and where to get help if you become a victim.


What is phishing?

Phishing is where criminals send fake emails to scam private information or bank details from you. They take on another identity, either an organisation or a person. For example, it may look like a legitimate email from your bank.

Criminals send these emails as widely as possible to lots of people in the hope that you’ll click on a link and provide your details or download an attachment.

As well as scamming bank details, it could also be part of a ransomware attack. This is where criminals can access your computer and block or steal files for financial gain.


How easy is it to identify a phishing scam?

Some are easy to spot. The ones we’re all aware of are the stories like a foreign prince who wants to give you millions of euros.

But some can be very convincing and difficult to spot, using logos, imagery and identities of people or brands that you know.

Your spam filter should manage to catch a lot of these emails. However, some do sneak through and it’s usually the more sophisticated ones that are harder to spot that will get through a spam filter.


What should providers be looking out for?

The key thing is to always look at who is sending the email. Hover your mouse over the name of the sender and it’ll show you the actual address it’s coming from. If it’s not what you’re expecting, that’s a simple way to tell it’s fake.

Quite often you’ll see spelling mistakes or random capitalisation in the middle of words. They also might ask you to provide your personal details.

For example, your bank will never email you asking you to provide your password or give them your account details. Something like that would be a phishing email.


What kinds of phishing emails are affecting social care providers?

At the beginning of the pandemic we saw a lot of scams around PPE equipment.

Our concern now is that because care homes are some of the first to receive COVID-19 vaccinations and are expecting to be contacted, unfortunately cybercriminals may take advantage of that. You may receive emails that look like they’re to sign up for the vaccination programme, but it’s criminals looking to access your information.


What is your advice to providers?

The most important thing is to be vigilant. It’s easy to tackle if you’re just aware that it could happen.

Don’t click on links in emails from people that you don’t trust. If you are unsure, call the company or person you think the email is from and ask them if it’s genuine. Don’t provide bank details or banking information over email.

If you’re using NHSmail, you can report spam to them and they will check it for you. If you’re using any other email service, the National Cyber Security Centre will do the same. If it’s spam, they will block it.

Also remember to speak to your staff about email scams and how they should be careful about what they click on.


What should you do if you click on a link and then realise it’s a phishing email?

If you think you’ve become a victim of a scam, you should report this to Action Fraud straight away. There’s a dedicated phone line and email address, and they will be able to help you.


Where can providers go for more information?

The National Cyber Security Centre has lots of detail for providers about staying safe online and email scams. It’s also got specific information and advice according to the size of your organisation.
