The Counter Fraud Team at Audit Yorkshire are asking colleagues to remain vigilant following a report of a scam telephone call received by a member of staff. The caller claimed to be from her bank’s fraud team and stated that there had been a suspicious transaction on her account. The caller appeared to know personal information relating to the staff member, including their name, postcode, phone number, nhs.net email address, bank account details and NHS discount provider membership.

The caller used this information to make the call appear credible. They then attempted to move the conversation to WhatsApp on the basis that this would be a more secure line.

The staff member ended the call and contacted their bank directly. The bank confirmed there was no suspicious activity, and that no one from the bank had attempted to contact them. The scammer subsequently attempted to call via WhatsApp several times and later called again from a withheld number. When challenged, the caller admitted the call was not genuine.

The NHS discount provider is aware of the incident and assured us that they take the security of member’s accounts very seriously and have reiterated the advice below.

Key warning signs identified in this incident:

  • An unexpected call claiming to be from a bank fraud team.
  • The caller quoted personal details to appear legitimate.
  • The caller asked probing questions about online accounts, travel, and other banking arrangements.
  • Attempt to move the conversation to WhatsApp.
  • The genuine bank confirmed the contact was not legitimate.

Advice to colleagues:

  • Be cautious of any unexpected call claiming to be from your bank, even if the caller knows personal information about you.
  • Do not disclose banking details, passwords, security codes, one-time passcodes, or other personal information.
  • Do not transfer the conversation to WhatsApp, Teams, text message, or any other platform at the caller’s request.
  • End the call if you are unsure or feel pressured.
  • Contact your own bank directly using a trusted number, such as the number on the back of your card or from the bank’s official website. Use a different phone or wait for ten minutes just in case the original caller is blocking the line.
  • Keep a close eye on your bank statements and report any suspicious activity to your bank straight away.
  • Ensure any apps or online accounts you use are protected with a strong, unique password.
  • Report any similar contact or concerns relating to NHS information, work contact details, or an nhs.net account to IT or Sean Fleming from the Counter Fraud Team shaunfleming@nhs.net

Reminder: Fraudsters can use accurate personal information to make scams appear convincing. Possession of details such as your name, postcode, workplace email address, bank name, or membership of a membership discount scheme does not prove that a caller is genuine.

You can find advice and guidance on our counter fraud intranet pages.