Is NHS The Most Impersonated UK Government “Brand”?

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Jan 04, 2023 02:56 pm PST

The National Health Service (NHS) is the most impersonated UK government organization in scams, according to a recent report. This is concerning news, as scams targeting the NHS can have serious consequences for individuals and the NHS as a whole. In this article, we’ll explore the various types of scams targeting the NHS, the factors contributing to the high number of these scams, and the steps individuals and the NHS can take to protect against them.

Overview Of Scams Targeting The NHS

Scams targeting the NHS come in various forms, including phishing emails and SMS messages. These scams often involve fake websites or emails requesting personal information or donations, claiming to be from the NHS or other trusted organizations. The impact of these scams can be significant, as individuals may lose money or have their personal information compromised. In addition, the NHS may suffer reputational damage or financial losses as a result of these scams.

Some specific examples of scams targeting the NHS include:

  • Phishing emails claiming to be from the NHS and requesting personal information, such as login credentials or bank details.
  • Fake websites offering fake cures or vaccines for COVID-19, claiming to be affiliated with the NHS.
  • SMS messages requesting donations for various causes, claiming to be from the NHS or other reputable organizations.
  • Emails or messages offering employment opportunities with the NHS, requiring individuals to provide personal information or pay a fee.

It’s important to note that these are just a few examples of the many scams targeting the NHS. It’s likely that new types of scams will continue to emerge as cybercriminals seek to take advantage of the trust and popularity of the NHS brand.

The proliferation of social media and other online platforms may also contribute to the high number of scams targeting the NHS. These platforms allow cybercriminals to reach a large audience quickly and easily, increasing the chances of successful scams.

Factors Contributing To The High Number Of Scams Targeting The NHS

There are several factors contributing to the high number of scams targeting the NHS.

  • Popularity and trustworthiness of the NHS brand: As a trusted institution that provides essential services to the public, the NHS is a prime target for cybercriminals looking to impersonate a reputable organization.
  • Current economic conditions: This includes the cost of living crisis and recession, which may also contribute to the high number of scams targeting the NHS. During times of economic downturn, there may be an increase in cybercrime as cybercriminals seek to take advantage of financial insecurity.
  • The COVID-19 epidemic: As people around the world have become more concerned about their health, scams offering fake cures or vaccines have become more prevalent.
  • High use of automation in cybercrime: Such as chatbots and malware-as-a-service, may make it easier for cybercriminals to impersonate the NHS or other trusted brands. These automation tools allow cyber criminals to send large numbers of phishing emails or malicious code, increasing the chances of successful attacks.

The emergence of ChatGPT and other AI technologies may also allow cyber criminals to craft more convincing phishing emails or malicious code. By using vast volumes of data from the internet, ChatGPT and similar technologies can generate responses in natural language that appear to have authority. This can make it more difficult for individuals to recognize scams and may increase the success rate of these attacks.

Steps Individuals And The NHS Can Take To Protect Against Scams

There are several steps individuals and the NHS can take to protect against scams targeting the NHS. One of the most important things for individuals to do is to trust their instincts and be cautious when interacting with emails or SMS messages that seem suspicious. It’s also important to verify the legitimacy of websites or requests for personal information or donations before interacting with them.

For example, if you receive an email claiming to be from the NHS and requesting personal information or a donation, you should verify the authenticity of the email before responding. You can do this by checking the sender’s email address, looking for any typos or inconsistencies in the email, and contacting the NHS directly to confirm the request.

The National Cyber Security Centre’s Suspicious Email Reporting Service is another helpful resource for individuals looking to protect against scams. By forwarding suspicious emails to this service, individuals can help to protect themselves and others from these types of attacks.

For the NHS, it’s important to implement proper security measures and protocols to protect against scams. This can include strong passwords, antivirus software, and firewalls. It’s also important to ensure that all employees and users are aware of these measures and follow best practices for cybersecurity.

It’s also important to educate users on how to recognize and avoid scams, including training on identifying phishing emails and avoiding suspicious websites or downloads. This can help to prevent individuals from falling victim to scams and protect the NHS from reputational damage or financial losses.

In addition to these measures, the NHS can also work with law enforcement and other organizations to combat scams targeting the NHS. By sharing information and collaborating on efforts to identify and prosecute cybercriminals, the NHS can help to reduce the prevalence of these scams and protect the public from their impacts.


The news that the NHS is the most impersonated UK government organization in scams is concerning. These scams can have serious consequences for individuals and the NHS as a whole, including financial loss and the potential for sensitive information to be compromised. To protect against these types of attacks, it’s important for individuals and the NHS to stay vigilant and take necessary precautions, such as trusting their instincts, verifying the legitimacy of websites or requests for personal information or donations, and implementing proper security measures and protocols. By taking these steps, we can help to protect ourselves and the NHS from the harmful impacts of scams targeting the NHS.

Notify of
4 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
InfoSec Expert
January 5, 2023 10:54 am

“The news that the NHS is the most impersonated UK government organisation is sadly unsurprising. The NHS is one of the few institutions in society that all of us have some dealings with. This makes it the perfect ‘brand’ for cybercriminals to impersonate when launching attacks.

What’s more, we’re currently in the grip of both a cost of living crisis and a recession, making these types of attacks all the more common. Cybercriminals are subject to the same financial pressures as anyone else, meaning that financial downturns usually equal more cybercrime – especially the unsophisticated kind on display here.

However, that doesn’t mean the British public should resign themselves to being fleeced. Always trust your senses when it comes to email and SMS communications. If something feels wrong, there’s a very good chance it is. And, if you do have doubts, don’t open any attachments or engage with the sender. Instead, forward the email straight to the NCSC’s Suspicious Email Reporting Service.”

Last edited 4 months ago by Jamie Akhtar
Rachel Jones
Rachel Jones , CEO and Founder
InfoSec Expert
January 5, 2023 10:53 am

“Fraudsters are making millions of pounds every year by tricking people into visiting copycat websites of genuine brands and encouraging purchases, in the case of TV licences, or fake products, as examples, or into handing over sensitive and confidential information.
These scams are rife and very difficult to identify, particularly when we all skim read sites and buy online so readily. Sites which appear to be super-topical, reflecting issues around the pandemic or the cost-of-living crisis, for example, are increasingly common, offering seemingly (but fraudulent) solutions to the vulnerable.
The NCSC does a fabulous job identifying and removing illegal sites to protect consumers, and the onus is now on individuals, to be vigilant, and the private sector to be proactive in doing the same. Businesses, products and services are illicitly replicated online daily, defrauding consumers of more than just money. Fraud of any kind can cause irreparable financial and emotional damage. For businesses, reputational damage can be just as bad.
All businesses must now be on the alert for online threats – from monitoring for fake versions of websites, products, misuse of company logos, the list is endless. Only by monitoring for and removing these scams rapidly and improving awareness of these issues can consumers be kept informed and safe.”

Last edited 4 months ago by Rachel Jones
Darren Guccione
Darren Guccione , CEO and Co-Founder
InfoSec Expert
January 5, 2023 10:51 am

“According to Keeper’s Cybersecurity Census Report, organisations in the UK public sector experience 44 cyberattacks each year—more than three every month. Such attacks can be extremely damaging to public sector organisations. Given their crucial role powering critical infrastructure, successful attacks present not just a threat to individual organisations, but the nation as a whole. Cybercriminals have long exploited volatile situations for their own gain, especially newsworthy, current events. Since the COVID-19 pandemic, cyberattacks have skyrocketed, so it’s no surprise to see the NHS topped the list of most impersonated government organisations. These bad actors know that Brits are seeking important medical information and will use the opportunity to prey on their unsuspecting victims.

In phishing attacks, bad actors often tailor scams using aesthetic-based tactics such as realistic-looking email templates and malicious websites. The aesthetics users recognise, such as the logo or color scheme of the site, are used to lure them into a malicious link or form field. Strong passwords and MFA are useless if a user is tricked into disclosing credentials via a phishing attack. The key to avoiding falling victim to this type of attack is to ensure the URL matches the authentic website. Emails containing links must always be subject to greater awareness and vigilance. A password manager that can automatically identify when a site’s URL doesn’t match is a critical tool for preventing the most common password-related attacks, including phishing.”

Last edited 4 months ago by Darren.Guccione
Steve Bradford
Steve Bradford , Senior Vice President
InfoSec Expert
January 5, 2023 10:38 am

“The news that the NHS is the most scammed UK government organisation is particularly concerning given the risk this has on accessing patient information and providing care.

“Scammers are increasingly using methods that are far more personal and harder to spot – morphing into those we trust, such as the NHS brand.

“That 6.4 million of these scams were reported last year shows the public is becoming more adept at spotting these attacks. But the same also needs to be said for organisations across the board. Many attacks like these, at their root, come down to some sort of compromised identity. Leveraging AI-enabled identity security helps offload pressure on end-users and fortify organisational defences. Clearly seeing, understanding, and managing who has access to what, when and why, and then properly securing that access, can go a long way in avoiding a breach or compromise.”

Last edited 4 months ago by Steve Bradford

Recent Posts

Would love your thoughts, please comment.x