Expert Insights

Latest news stories and opinions about the Dental, GP and Care Industries. For your ease of use, we have established categories under which you can source the relevant articles and news items.

11th March 2016

Do Your Staff Know About Email Fraud?


Many types of fraud exist and email is a popular and inexpensive way of distributing fraudulent messages. Most fraud is carried out obtaining access to account numbers and passwords. Everyone should be aware not to respond to any message that asks for money or personal information e.g. passwords. Fraudsters move with the times with many aware that emails could mislead naive employees to disclose practice or personal information that may be sensitive or confidential.

Be careful before opening emails

Staff need to be aware of the dangers and should be vigilant in their use of email. Unsolicited email, including spam, frequently contain file attachments or embedded internet links, some of which could be malicious in nature. It’s easy to become complacent with the volume of emails we receive on a daily basis but staff should always be careful before opening emails with file attachments or links, particularly from an unknown sender. Staff who receive email must first assess whether the email is from a trusted source, if the subject matter is appropriate for email, or if the email is in any other way suspicious.


Those who misuse email will often cleverly disguise their intentions and may present a well researched and convincing cover to back up their story. An attacker may simply try to obtain information by pretending to be a work colleague or business associate by sending spoof email through the internet and directly asking for potentially sensitive information to be disclosed. "Phishing" scams are currently the most popular and thus dangerous form of email fraud. They use email messages that appear to come from a legitimate company or institution, such as a bank or regularly shopping site and ask users to "update" or "verify" their personal information; the scammers then use this information to commit identity theft.

Seek advice

If staff are worried about the authenticity or contents of any email they receive they should speak to the practice information governance lead (usually the Practice Manager) or the Caldicott Guardian (usually a senior GP) for advice. This will help to prevent a patient confidentiality breach or other security incident arising. Under no circumstances should suspicious email be routinely copied to others as this may create new risks to the information of the organisation.

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and internet crime where you should report fraud if you have been scammed, defrauded or experienced cyber crime. Their website has some useful information about what to do if you’ve received a scam email and what to do if you are victim of identity theft.


Action Fraud:

Alison Lowerson – QCS Expert GP Practice Manager Contributor

Topics: GPs

Leave a Reply

Partners with the UK's smartest companies

SCIE Access Skills DAA NC
Join over 19,000 users already using the QCS Management System!
Start Free Trial
Back to Top
Start FREE Trial Click here