We are aware that fraudulent emails are circulating which are designed to look like they have come from ESR.

The emails usually contain a link directing colleagues to a website which has been deliberately crafted to mimic the ESR login page, prompting staff to enter their username and password.

If a colleague enters their details, the sender could:

• Log in to their ESR account
• Access personal, employment, and sensitive data
• Change bank account details
• Redirect salary payments
• View or amend other ESR records

How to protect yourself

• Emails from ESR will never ask you to log in via a third‑party link

• Hover your mouse over any link to reveal the real web address

• Access ESR only through:
  🔹 The Trust intranet
  🔹 The NHS ESR portal
  🔹 Your usual bookmarked link

If you receive a suspicious message

Do NOT reply, click links, or enter login details. Instead:

• Forward it to spam@this.nhs.uk and then delete the email from your inbox and also from your deleted items.

If you think you may have entered your details

• Treat it as urgent
• Change your ESR password immediately
• Inform IT and also our Local Counter Fraud Specialist (LCFS) Shaun Fleming on shaunfleming@nhs.net 
• Monitor your ESR account for any unexpected changes

Please remain vigilant and report anything suspicious.