ESR alert - phishing emails

There have been two ESR alerts that NHS SBS wanted to bring to your attention. Both concern the recent incidents of phishing emails targeting NHS employees in order to steal ESR credentials and redirect pay to accounts controlled by the threat actor.

Users have received emails that claim to be from their HR department but are sent from accounts outside the NHS. These emails typically say that the user's salary has been increased and invite them to click a link to access related documents. When the user clicks the link they are directed to a fake NHS ESR login page, which looks identical to the real login page except that it does not offer smartcard login.

The malicious emails are customised for each organisation they are sent to. They typically contain the organisation's logo and the phishing links include their website domain within the URL.

Example email subject lines are:

  • August Salary Details
  • Salary Raise Confirmation
  • Salary Review Letter
  • Update Bank Details
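The indicators above (external sender claiming to be HR, salary-themed subject, and a link whose URL contains the organisation's own domain while actually being hosted elsewhere) can be turned into a simple triage rule. The following is an added example for illustration only; it is not part of the NHS SBS alert or of any ESR tooling. The organisation domain, the trusted mail domains, and the email dictionary field names are placeholder assumptions, and the two sample messages are constructed.

```python
import re
from urllib.parse import urlparse

# Assumptions (placeholders, not taken from the alert): the organisation's own
# web domain and the mail domains from which genuine HR mail would arrive.
ORG_DOMAIN = "example-trust.nhs.uk"
TRUSTED_SENDER_DOMAINS = {"nhs.net", "example-trust.nhs.uk"}

# Subject themes listed in the alert, expressed as loose patterns.
SUBJECT_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\bsalary\b", r"\bbank details\b", r"\bpay (rise|raise|review)\b")
]
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")


def sender_domain(addr: str) -> str:
    """Lowercased domain of a From header, tolerating 'Name <user@domain>' forms."""
    m = re.search(r"<([^>]+)>", addr)
    addr = m.group(1) if m else addr
    return addr.rsplit("@", 1)[-1].strip().lower()


def host_belongs_to(host: str, domain: str) -> bool:
    """True when host is the domain itself or a genuine subdomain of it."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def lookalike_links(body: str) -> list:
    """URLs that mention ORG_DOMAIN somewhere (path, or as a fake subdomain prefix)
    but whose real host is not under ORG_DOMAIN."""
    hits = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if ORG_DOMAIN in url.lower() and not host_belongs_to(host, ORG_DOMAIN):
            hits.append(url)
    return hits


def assess(email: dict) -> list:
    """Return the indicators from the alert that this message exhibits, in order."""
    reasons = []
    frm = email.get("from", "")
    if sender_domain(frm) not in TRUSTED_SENDER_DOMAINS:
        reasons.append("external-sender")
        # An external address presenting itself as HR/payroll is the alert's core pattern.
        if re.search(r"\b(hr|human resources|payroll)\b", frm, re.IGNORECASE):
            reasons.append("hr-impersonation")
    if any(p.search(email.get("subject", "")) for p in SUBJECT_PATTERNS):
        reasons.append("salary-theme-subject")
    if lookalike_links(email.get("body", "")):
        reasons.append("lookalike-url")
    return reasons


# Constructed sample messages (not real emails).
PHISH = {
    "from": "HR Department <hr-payroll@mail.example.com>",
    "subject": "Salary Raise Confirmation",
    "body": "Your salary has been increased. View the letter: "
            "https://esr-login.example.com/example-trust.nhs.uk/portal",
}
LEGIT = {
    "from": "Workforce Team <workforce@example-trust.nhs.uk>",
    "subject": "Rota for next week",
    "body": "Rota attached. Intranet: https://intranet.example-trust.nhs.uk/rota",
}

if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, assess(msg))
```

The URL check is the part worth copying: it deliberately tests the parsed hostname rather than searching the string, so `https://example-trust.nhs.uk.evil.example/login` is flagged even though it starts with the organisation's domain, while a genuine `intranet.example-trust.nhs.uk` link is not.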

If you receive an email you are not sure about, please contact the ArdenGem IT Service Desk on T: 0300 120 1020.