Cyber-Enabled Salary Diversion Fraud Alert


The NHS Counter Fraud Authority continues to identify active cyber-enabled fraud threats to the NHS involving attempts to divert salary payments. In this case it is the individual staff member who is targeted, rather than the payroll function or body.

This fraud involves a phishing email sent to the staff member. The email contains a link to a website that imitates the NHS ESR login page. The fake page lets the fraudster collect the staff member’s username and password, which are then used to access the real ESR account. Controls are in place to restrict changes to bank details made remotely; however, once access to the staff member’s ESR account is obtained, fraudsters can also harvest further personal information on the victim and use it for fraudulent purposes.

Actions to protect yourself from fraud

  • NHS employees must always be vigilant about emails purporting to be from their HR, payroll or ESR team and asking them to provide their username and password.
  • Phishing emails will often create a sense of urgency by using false incentives or deadline pressures. This is social engineering.
  • Payroll, HR and ESR teams will never email NHS employees and ask them to log in to ESR by clicking on a link.
  • Never give out any personal details via email.
  • Never click on any suspicious-looking links, as doing so can confirm to the sender that the email address is active.
  • Be vigilant of email addresses that appear to be from an NHS organisation but are slightly altered, email addresses that are not recognised, or addresses that use public domains (e.g. @gmail.com).
  • If in doubt, verify the authenticity of the email by contacting the sender through your normal means of communication. Do not reply or call any number on the email.
  • Change ESR passwords on a regular basis and closely monitor bank account statements to make sure that funds have not been diverted.
  • Maintain strong password security.
  • Enable and use two-factor authentication (2FA) via the NHS CRS smartcard if this is possible.
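The two warning signs the list above asks staff to look for (a sender domain that is a slightly altered version of an NHS organisation's, or a public webmail domain, and a login link pointing somewhere other than the real ESR site) can be turned into a first-pass triage check for a phishing-report mailbox. The following is an added example, not code from the MIAA alert or from the NHSCFA; the trusted-domain list, the webmail list, the sample messages and every hostname in them are constructed assumptions, and a real deployment would load the organisation's own mail domains and the genuine ESR hostname from configuration.

```python
"""Triage of a reported e-mail for the salary-diversion phishing pattern in the alert.

Added example (not part of the MIAA alert). Domain lists, hostnames and sample
messages are constructed for illustration; load real values from config.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# ASSUMED organisation domains: mail from here, or any subdomain, is treated as internal.
TRUSTED_DOMAINS = ("nhs.uk", "nhs.net")
# Public webmail domains the alert tells staff to treat with suspicion.
PUBLIC_WEBMAIL = {"gmail.com", "googlemail.com", "outlook.com",
                  "hotmail.com", "yahoo.com", "yahoo.co.uk"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value means a near-miss spelling of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Lower-cased domain part of 'user@domain', or '' if the address is malformed."""
    m = re.fullmatch(r"\s*[^@\s]+@([^@\s]+)\s*", address)
    return m.group(1).lower().rstrip(".") if m else ""


def is_trusted_host(host: str) -> bool:
    """True for a trusted domain or any subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)


def looks_like_trusted(domain: str) -> bool:
    """Heuristic for 'slightly altered' organisation names (nhs-payroll.com, nsh.uk, ...).

    Flags a label that contains or nearly spells the brand, or a registrable
    domain within two edits of a trusted one. Expect some false positives.
    """
    labels = re.split(r"[.\-_]", domain)
    registrable = ".".join(domain.split(".")[-2:])  # crude: last two labels
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]  # e.g. 'nhs'
        for label in labels:
            if brand in label or (len(label) >= len(brand) and levenshtein(label, brand) <= 1):
                return True
        if levenshtein(registrable, trusted) <= 2:
            return True
    return False


def classify_sender(address: str) -> str:
    """trusted | public-webmail | lookalike | unknown | malformed."""
    domain = domain_of(address)
    if not domain:
        return "malformed"
    if is_trusted_host(domain):
        return "trusted"
    if domain in PUBLIC_WEBMAIL:
        return "public-webmail"
    if looks_like_trusted(domain):
        return "lookalike"
    return "unknown"


def untrusted_links(body: str) -> list[str]:
    """Links in the message whose host is not under a trusted domain."""
    found = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:)")  # drop sentence punctuation glued to the URL
        host = (urlparse(url).hostname or "").lower()
        if not is_trusted_host(host):
            found.append(url)
    return found


def triage(sender: str, body: str) -> dict:
    """Combine both checks into a verdict a reporting workflow could act on."""
    sender_class = classify_sender(sender)
    links = untrusted_links(body)
    suspicious = sender_class in ("lookalike", "public-webmail", "malformed") or bool(links)
    return {"sender": sender_class, "untrusted_links": links,
            "verdict": "report" if suspicious else "ok"}


# Constructed sample messages (not real phishing samples; hostnames are invented).
PHISH = ("esr-helpdesk@nhs-payroll-update.com",
         "Your salary payment is on hold. Log in within 24 hours to confirm your details: "
         "https://esr-nhs-login.example/secure")
GENUINE = ("hr@trust.nhs.uk",
           "Payslips for this month are on the intranet: https://intranet.trust.nhs.uk/payslips.")

if __name__ == "__main__":
    for sender, body in (PHISH, GENUINE):
        print(sender, "->", triage(sender, body))
```

The sender check only looks at the visible address; a forged `From:` header on a domain without SPF, DKIM and DMARC enforcement will still read as trusted, so the classification is a triage hint for the reporting team rather than a verdict, and the "last two labels" shortcut for the registrable domain is deliberately crude (a public-suffix list would be the production choice).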

How to report fraud

  • NHS employees who believe they have been a victim of this type of fraud should carry out a credit history check to identify any anomalies. All incidents of suspected fraud against the NHS organisation should be reported to the nominated AFS (contact details are included in this alert) or to the NHSCFA by calling 0800 028 4060 or online at cfa.nhs.uk/reportfraud.
  • Any attempted or successful frauds of this type should also be reported to Action Fraud for their information and intelligence, to help produce guidance to stop this type of fraud recurring.

LOCATIONS

MIAA, Regatta Place
Brunswick Business Park
Summers Road
Liverpool
L3 4BL

Email: miaa.admin@miaa.nhs.uk

Tel: 0151 285 4500 (9am - 5pm Mon-Fri)

© Copyright - MIAA