Publish date: 12 February 2024
The NHS Counter Fraud Authority (NHSCFA) would like to alert NHS colleagues to a new fraud trend involving NHS salary sacrifice schemes.
Fraudsters have been targeting NHS colleagues to steal email addresses and ESR/assignment numbers to enable them to login to salary sacrifice schemes and fraudulently take out contracts in their victim’s name.
Recommendations for colleagues:
- All colleagues should only use the salary sacrifice links provided to you by your organisation.
- NEVER share your ESR/assignment number or nhs.net login credentials with anyone.
- If you believe your ESR, work email or nhs.net account have been compromised, contact ITSecurity
@imerseyside.nhs.uk as soon as possible. - Report any unusual activity on your payslip, work email or your ESR account to your Human Resources (HR) representative.
- Create strong passwords using three random words containing spaces (e.g. Apple Fish Snowflake – do not use this password).
NHS employees who believe they have been a victim of fraud should carry out a credit history check to identify any anomalies.
All incidents of suspected fraud against the NHS organisation should be reported to Claire Smallman at Mersey Internal Audit Agency (MIAA) – claire