Watch out for fake NHS cold calls

Cold calling fraudsters claiming to be from the NHS are attempting to get their hands on your personal data.

A new wave of scam calls uses automated messages to impersonate NHS receptionists and doctors, but they could be convincing enough for you to share sensitive data.

Read on to find out how these calls work and what to do if you're targeted by one. 

NHS scam calls

The calls appear to come from UK mobile numbers, which are most likely 'spoofed', meaning technology is used to mask the true origin of the call. 

The caller is actually an automated message which tells you that you must update your GP record as it is out of date, and you are at risk of being removed from the surgery.

Some recipients of the call have reported being asked to press 1 to update their records, which will most likely lead to personal data being asked for, such as names, addresses and NHS numbers.

The NHS has confirmed that it will never threaten to remove you from its patient list over the phone and will never ask for your financial information.

Reports on Who Called Me, a website which allows people to report any scam calls and texts they’ve received, mentioned a text promoting a Norovirus vaccine clinical trial for those over 60, which asked the recipient to press yes for more information.

Other reports complained of calls from scammers pretending to be doctors and sending codes to their phones, which they’re then asked to read out. Which? has previously warned about a similar scam to this, where fraudsters impersonating phone company O2 contacted customers and pretended to take them through security questions under the guise of offering them a discount on their phone bills.

The scammer would have attempted to log into the customer’s O2 account with information they already had, which then triggers a genuine O2 message with a one-time passcode. The scammer then asks for this code during the phone call, revealing this code allows them to gain access to the customer’s account.

These scams are made possible as the scammer already has enough information about you to set it up. That information is acquired through a data breach, information you may have shared on a dodgy site or by scraping information from public-facing details given away on social media.

How is your personal data used in scams?

The NHS also warned that scammers may ask for personal information, such as your address, NHS number or bank details.

While personal information such as your email, number and date of birth may seem harmless, this can help scammers to connect the dots and spear-phish you. Spear-phishing is a type of scam message, such as an email or text message, which uses personal information gathered about you to be more convincing.

Scam calls which ask for your personal information could enable fraudsters to scam you in this way in the future.

Reporting NHS impersonation scams

It’s normal to share personal and sensitive information with a medical professional, but you should treat unsolicited calls claiming to be from the NHS or your GP surgery with extreme caution.

The NHS says it will never contact you by phone to demand updates to your records, threaten removal from a GP list, or request personal or financial information. It also said you should only expect calls from its official practice phone number, which can be found by searching for your GP on the NHS’s official site.

You can report instances of fraud involving the NHS on its website or by calling 0800 028 4060.

Scam calls received on an iPhone can be reported to your provider by texting the word ‘call’ followed by the phone number to 7726.

On an Android phone, text the word ‘call’ to 7726. You’ll then receive a message asking you for the scam number. For scam calls received on WhatsApp, select the ‘i’ next to the number in your call log, scroll down and press ‘report.’

You can also report scam calls to Action Fraud or call the police on 101 if you’re in Scotland.