Do Your Staff Know About Email Fraud?
Many types of fraud exist, and email is a popular and inexpensive way of distributing fraudulent messages. Most fraud is carried out by obtaining access to account numbers and passwords. Everyone should be aware not to respond to any message that asks for money or personal information, e.g. passwords. Fraudsters move with the times, and many are aware that emails could mislead naive employees into disclosing practice or personal information that may be sensitive or confidential.
Be careful before opening emails
Staff need to be aware of the dangers and should be vigilant in their use of email. Unsolicited email, including spam, frequently contains file attachments or embedded internet links, some of which could be malicious in nature. It’s easy to become complacent with the volume of emails we receive on a daily basis, but staff should always be careful before opening emails with file attachments or links, particularly from an unknown sender. Staff who receive email must first assess whether the email is from a trusted source, whether the subject matter is appropriate for email, or whether the email is in any other way suspicious.
Those who misuse email will often cleverly disguise their intentions and may present a well-researched and convincing cover to back up their story. An attacker may simply try to obtain information by pretending to be a work colleague or business associate, sending spoof email through the internet and directly asking for potentially sensitive information to be disclosed. "Phishing" scams are currently the most popular and thus dangerous form of email fraud. They use email messages that appear to come from a legitimate company or institution, such as a bank or regular shopping site, and ask users to "update" or "verify" their personal information; the scammers then use this information to commit identity theft.
If staff are worried about the authenticity or contents of any email they receive, they should speak to the practice information governance lead (usually the Practice Manager) or the Caldicott Guardian (usually a senior GP) for advice. This will help to prevent a patient confidentiality breach or other security incident arising. Under no circumstances should suspicious email be routinely copied to others, as this may create new risks to the information of the organisation.
Action Fraud is the UK’s national reporting centre for fraud and internet crime, where you should report fraud if you have been scammed, defrauded or experienced cyber crime. Their website has some useful information about what to do if you’ve received a scam email and what to do if you are a victim of identity theft.
*All information is correct at the time of publishing