NHS Test and Trace: How to tell if it’s real or a scam
June 9, 2020
NHS Test and Trace phishing emails are being sent by scammers, the fake email refers to the service as
‘track and trace’. The email advises the recipient that they have been exposed to someone who has tested positive for coronavirus. They are instructed to click on a link in order to find out who that person is and are warned that if they fail to do so within 24 hours, legal action may be taken and their benefits suspended. The email address from which this message is being sent is ‘alert@nhstrackandtrace233-gov.com’.
Remember, contact tracers will never ask you to:
- Dial a premium rate number to speak to them (for example, those starting 09 or 087).
- Make any form of payment.
- Give any details about your bank account.
- Give your social media identities or login details, or those of your contacts.
- Disclose passwords or pins.
- Create any passwords or pins.
- Purchase a product.
- Download any software to your device.
- Hand over control of your PC,, smartphone or tablet.
- Access any website that does not belong to the government or NHS.
For more information read this article from Which.co.uk
Share this news story...
Section 199 of the Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced a new corporate offence that significantly raises the bar on fraud risk management. Large organisations can now be criminally liable if an employee, agent, or other associated person commits fraud for the organisation’s benefit—and the organisation did not have reasonable fraud prevention procedures in place. This is a strict liability offence. Prosecutors do not need to prove senior management knowledge or intent. If fraud occurs and the organisation cannot demonstrate an adequate prevention framework, liability follows. The only defence: reasonable procedures The sole statutory defence is that the organisation had reasonable procedures in place to prevent fraud, or that it was reasonable not to have such procedures. In practice, regulators have made clear that “reasonable” will be interpreted robustly. Organisations should be acting now to: Conduct a documented fraud risk assessment covering business models, revenue streams, incentive structures, third-party exposure, and jurisdictional risk. Design proportionate prevention controls aligned to identified risks, including financial controls, approval thresholds, segregation of duties, and oversight of agents and intermediaries. Set the tone from the top , with clear board ownership, senior accountability, and demonstrable commitment to fraud prevention. Implement targeted training and communications so employees and associated persons understand fraud risks, red flags, and reporting routes. Maintain monitoring, reporting, and review mechanisms , including whistleblowing channels, audits, and periodic reassessment as the business evolves. Evidence everything . Policies without implementation, or controls without records, will not support a defence.
Thank you to everyone who attended one of our fraud prevention webinars in 2025. For those who missed them, you can now watch all the recordings at your convenience on the SAFE YouTube channel. Whether you want to find out more about the drivers of fraud, or explore strategies for preventing emerging threats such as dual employment and imposter fraud, we've got a webinar for you. All the links you need are below, and we've included links to additional resources available elsewhere on the SAFE website.
SAFE – Security and Fraud Experts and Dorset HealthCare University NHS Foundation Trust are proud to be part of Project WISE (Workforce Integrity and System Efficiency), a proactive initiative using data and advanced analytics to strengthen fraud detection across the NHS. The NHSCFA estimates that £1.346 billion of NHS funding is vulnerable to loss through fraud, bribery and corruption in England. With fraud posing a significant risk to NHS resources each year, we’ve joined forces with the NHS Counter Fraud Authority and four other NHS organisations across the South East and South West to pilot this first-of-its-kind initiative. The pilot is helping to identify emerging fraud risks and patterns, turning complex data into actionable intelligence that supports local and regional counter fraud teams.
