Protecting yourself from fraud

Advice and guidance for NHS staff on how to avoid falling victim of fraud during the COVID-19 pandemic, in line with advice from the City of London Police.

Who is this guidance for?

This advisory guidance on this page is for all NHS staff and provides awareness of the personal fraud risks during the COVID-19 pandemic.

What are the risks?

Whilst the NHS and government’s response to the COVID-19 pandemic is evolving, we know that criminals will take advantage during times of crisis to defraud people. They will continue to exploit every opportunity for fraud during this national crisis and we want NHS staff to be prepared.

We want staff to be aware of the very simple steps they can take to protect themselves from handing over their money or personal details to criminals.

The NHSCFA is working with our stakeholders to protect staff and raise awareness of the current fraud risks. It is important that staff remain vigilant as ever when dealing with:

Unexpected or suspicious emails or text messages

Cyber criminals are preying on the fears of the coronavirus (COVID-19) and sending scam emails and text messages that try to trick people. Some may look genuine, but it is sensible to check the recipient/sender details to see if they are known to you.

This is especially important during this pandemic as criminals are seeking to make the most out of email/phishing scams.

Email addresses should always be checked to verify accuracy. In most cases the main purpose is to get your details, whether personal or financial.

We are aware of HMRC coronavirus SMS scams telling customers they can claim a ‘goodwill payment’. Do not reply to the SMS and do not open any links in the message.

This is an example of the scam wording:

'As Part of the NHS promise to battle the COV- 19 virus, HMRC has issued a payment of £258 as a goodwill payment. Follow link to apply.'.

Another HMRC SMS scam states you will be fined £250 for leaving the house more than once. The message asks recipients to call an 0800-telephone number to appeal.

Don’t click on the links or attachments in suspicious emails, and never respond to unsolicited emails that ask for your personal or financial details.

For more information on spotting and dealing with suspicious emails, please visit:

You can also protect your devices from the latest threats by installing the latest software and app updates. For information on how to update your devices, please visit:

Unsolicited calls that ask for your personal or financial details

Fraudsters can phone people and pretend to be from the bank, the police, or other well-known organisations. Scam calls can sound genuine and professional. Often the caller will try to create a sense of urgency in the action they want you to take.

But it pays to take time to stop… and think – is this call genuine?

Remember banks will never ask you to:

  • Share your account details like user ID, password and memorable information
  • Disclose your Personal Security Number (PSN) for telephone banking
  • Disclose your PIN code, expiry date or CVV number (which is the last 3 digits of the security code on the back of your card)
  • Move money to a so-called secure, safe or holding account
  • Move your money or ask you to transfer funds to a new sort code and account number.

COVID-19 vaccination fraud

Criminals are using the COVID-19 vaccine as a way to target people by tricking them to hand over cash or financial details. The Government Counter Fraud Function have developed advice to help people avoid falling victim to these scams.

Government branded scams

During the COVID-19 pandemic, criminals are also using government branding to try to trick people, including reports of HMRC communications making false offers of financial support through unsolicited emails, phone calls and text messages.

Fake URL links claiming to take you to the GOV.UK website to help you to claim COVID-19 related payments are also circulating. They will take you to websites operated by criminals who will steal your personal and financial information.

We have been made aware of an email circulating in the West Midlands region purporting to be from HM Government asking for donations to the NHS during the COVID-19 outbreak. The e-mail requests a donation of at least £10.00. The NHS will never ask you to send money directly to a bank account. Numerous people have reported this scam to the police, and it has been confirmed to be a fake. Any money sent as a result would end up in the hands of criminals.

If you would like to donate to the NHS, you can do so via official NHS channels or your local NHS Trust.

Online shopping

Reports from the public have already included online shopping scams where people have ordered protective face masks, hand sanitizer, and other products, which have never arrived, and several cases have been identified where fake testing kits have been offered for sale.

If you are making a purchase from a company or person you don’t know and trust, carry out some research first, and ask a friend or family member for advice before completing the purchase. If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases.

For more information on how to shop online safely, please visit

Other resources

Please see the NHSCFA’s wider advice on the prevention of fraud on our NHS Fraud Guidance page. You can also find information and definitions for the different types of fraud against the NHS in the NHS Fraud Reference Guide.

How to report fraud

If you suspect a fraud in which you or someone else is the victim, report it to Action Fraud online or by calling 0300 123 2040

If you suspect fraud against the NHS, please report it to the NHS Counter Fraud Authority online at or through the NHS Fraud and Corruption Reporting Line 0800 028 4060 (powered by Crimestoppers). All reports are treated in confidence and you have the option to report anonymously. You can also report NHS fraud to your nominated Local Counter Fraud Specialist.

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!