Community Pharmacy England (CPE) has warned pharmacy owners and professionals against the recent increase in scam emails.
Some of these messages falsely claim that the pharmacy is under investigation for a data protection or GDPR compliance breach.
CPE said these emails may appear convincing at first glance, but a close look often betrays tell-tale signs of fraudulence and should be deleted without responding.
These scam emails are often sent from free webmail accounts, such as Gmail, and not from official domains used by the NHS or the Information Commissioner’s Office.
They claim that the pharmacy is subject to a mandatory GDPR investigation and try to threaten them with enforcement action.
If a user hovers the mouse over a link (without clicking it) on a desktop, the ‘real’ web address would differ from the ‘displayed’ one.
When pharmacies receive such an email, they should not open any attachments, nor click any links.
The suspicious mail should be marked as spam and deleted.
They should report such suspicious messages to report@phishing.gov.uk, or if the message arrived via an @nhs.net inbox, use the nhs.net phishing reporting function.
Pharmacy teams should take note that the ICO, the UK’s independent body responsible for upholding information rights, promoting data privacy for individuals, and enforcing data protection laws, does not initiate regulatory action through unsolicited emails.
NHS England and the Department of Health and Social Care would never direct pharmacies to respond to a private company regarding a GDPR investigation.
