Hoppa till huvudinnehåll

Hur man svarar på ett misstänkt e-postmeddelande på under 60 sekunder

A quick-response guide for primary care teams - because every second counts in cyber security

Medicinska yrkesverksamma

Professionella referensartiklar är utformade för att användas av hälso- och sjukvårdspersonal. De är skrivna av brittiska läkare och baserade på forskningsbevis, brittiska och europeiska riktlinjer. Du kanske hittar en av våra hälsoartiklar mer användbar.

Not all cyber threats come through hacking or malware. Some of the most common, damaging attacks begin with something deceptively simple: a suspicious-looking email. Phishing scams - emails that impersonate NHS bodies, suppliers, or colleagues - are one of the most frequent causes of cyber breaches in healthcare. These emails aim to trick staff into clicking links, downloading attachments, or sharing sensitive data. The good news? You don’t need to be an IT expert to stop them. If your team knows what to look for and how to act fast, you can prevent a small mistake becoming a major incident. Here’s how to spot, stop and report a suspicious email - in under 60 seconds. 

What does a suspicious email look like? 

There’s no single formula, but common signs include: 

  • Unexpected messages from NHS suppliers or service providers. 

  • Urgent requests to click a link or download a file. 

  • Poor spelling, strange formatting or off-brand logos. 

  • Email addresses that look similar but are subtly wrong. 

  • Pressure to act quickly, such as “You must complete this now”. 

  • Messages asking for login details or patient information. 

Some phishing emails may even appear to come from trusted sources, including NHSmail addresses that have been compromised. 

The 60-second checklist: what to do if you’re unsure

1. Don’t click anything (10 seconds)

If you feel uncertain about an email - even for a moment - stop. Don’t click links, download attachments, or reply. Most threats only activate if you interact with them. Simply opening an email is usually harmless, but the real danger starts when you follow its instructions. 

2. Check the sender carefully (10 seconds) 

Hover over the sender’s name or email address. Is it spelt correctly? Does it match the name and organisation you’d expect? Look for minor changes like nhs.net.co or support@nhs-logins.uk - these are common phishing tricks. 

3. Ask yourself: Was I expecting this? (10 seconds) 

Phishing works by catching people off guard. If you weren’t expecting a password reset, invoice, or link to a survey - question it. Even if it looks legitimate, a surprise email should raise a red flag. 

4. Report it or ask for help (20 seconds) 

If you’re using NHSmail, forward the email to spamreports@nhs.net. This helps protect others in the system. If not, report it to your IT lead, practice manager, or CSU support desk immediately. Don’t delete the email until they advise. Do not forward it to anyone else in the practice without checking first. 

5. Inform your team if needed (10 seconds) 

If the email is widespread or part of a scam campaign, make others aware - especially those who might be most at risk of clicking it. A quick team message could stop someone else from falling for the same trick. 

Common examples in general practice 

  • Fake supplier invoices (for example, printers, maintenance). 

  • Messages claiming to be from NHS England or ICBs. 

  • Fake Docman or EMIS login alerts. 

  • Emails about “new patient referrals” or “clinical alerts” with links. 

  • Posing as your practice manager or GP partner requesting urgent transfers. 

Build a culture of ‘Think Before You Click’ 

You don’t need formal training to create a cyber-aware team. Encourage: 

  • Staff to flag anything unusual - even if it turns out to be safe. 

  • Use of your shared inbox or IT contact for second opinions. 

  • Adding cyber awareness tips to monthly briefings. 

  • A no-blame attitude - if someone clicks, deal with it constructively. 

Helpful resources 

Final word: 60 seconds now could save 6 months of fallout 

Responding to a suspicious email is not about panic — it’s about pause. A moment’s caution can prevent a data breach, a ransomware attack, or an ICO investigation. Make sure every staff member knows what to do. Because in primary care, where speed and trust matter, cyber safety starts with everyday vigilance.  

Exklusiva uppdateringar för vårdpersonal

Håll dig informerad med de senaste kliniska uppdateringarna, professionella insikter och evidensbaserad vägledning. Patient Pro-nyhetsbrevet sammanställer viktigt innehåll för vårdpersonal—levererat direkt till din inkorg.

Vänligen ange en giltig e-postadress

Genom att prenumerera accepterar du våra Sekretesspolicy. Du kan avsluta prenumerationen när som helst. Vi säljer aldrig dina uppgifter.

Om författarenVisa fullständig biografi

Författarbild

Thomas Andrew Porteus, MBCS

Hälsoteknik

MBCS

Thomas skriver för att informera, inspirera och utrusta praktikledare och vårdpersonal som navigerar förändringar, med utgångspunkt i två decennier av praktiskt arbete inom det brittiska hälsosystemet.

Artikelhistorik

Informationen på denna sida är skriven och granskad av kvalificerade kliniker.

influensaberättigandekontroll

Fråga, dela, anslut.

Bläddra i diskussioner, ställ frågor och dela erfarenheter inom hundratals hälsorelaterade ämnen.

symptomkontroll

Känner du dig sjuk?

Bedöm dina symtom online gratis