Skip to content Skip to main menu Skip to utility menu

Notice of a potential ESR phishing scam

May 11, 2022

We have been made aware of a potential phishing email that has been sent recently to multiple colleagues. The email references the NHS Business Services Authority, mentions “payroll rejections” and asks users to check their pay details in Electronic Staff Record. The recipient is then advised to click on a link in the email that takes them to a fake site.  ESR Users that are clicking on the link in the email are being taken to a fake site and will most likely be asked to enter the ESR logon credentials.

The issue has been reported to NHS Digital who are taking action to block the sender of the email and the website that the phishing email directs the recipient to.

Colleagues are reminded to be extra diligent when responding to emails and in particular check that when logging in to ESR, your browser shows you are accessing the https://my.esr.nhs.uk domain.