Fake NHS login portal emails harvest patient credentials to access health records
Impersonating: NHS
What is this scam?
Phishing emails impersonating the NHS login portal are targeting patients and NHS staff, falsely claiming that account verification is required before 15 July to continue accessing NHS services, appointment booking, and online prescriptions. Clicking the link leads to a convincing lookalike NHS login page that steals usernames, passwords, and sometimes National Insurance numbers. The NCSC has flagged a rise in NHS impersonation phishing in 2026, with stolen credentials used to access patient portals and harvest health data for use in targeted follow-up scams.
Example scam message
Red flags to look out for
- The message creates urgency — threatening a fine, missed delivery, or account closure.
- Links lead to unofficial domains that don't match the real company's website.
- You weren't expecting this message and can't verify the event it references.
- It asks you to confirm payment details or personal information via a link.
- The sender's number or email address doesn't match the company's official contact.
What to do if you receive this
- Do not click links or call numbers provided in the message.
- Contact the organisation directly using details from their official GOV.UK page.
- Forward the message to 7726 or email report@phishing.gov.uk.
- Report it to Action Fraud at actionfraud.police.uk.
Not sure if your message is a scam?
Check it instantly with our free AI-powered detector.
Check a message nowSource: NCSC