Logging in to NHSmail (e-mail)
You are only permitted one NHSmail email account. NHSmail is your primary e-mail source.
If you are new to the trust an NHSmail account will have been created for you.
If you have come from another trust you will need to ensure you have been marked as a ‘Leaver’ in order for CITS to then mark you as a ‘Joiner’.
You can call CITS on extension 1717 to obtain or re-confirm your login details.
After logging into the PC you will double-click on the NHSmail 2 icon the desktop to open NHSmail. Select the word login in the top right of the webpage. Login with the username and password provided. You will also be prompted to answer 3 security questions.
Once your details have been updated on NHSmail 2 you can access your emails via Outlook if preferable.
Accessing Staff Wi-Fi
To use this service log on to a Trust PC using your ICT username and password. To register for staff Wi-Fi please click the button below.
Register for access to the Staff Wi-Fi for Internet access on your personal devices.
Access to the Wi-Fi is for personal use only, provided this is in your own time and does not interfere with the performance of your duties or the duties of other staff or contractors. It will not allow staff to access Trust information systems apart from web access to the NHS email system.
This service is provided on a best-endeavours basis and is NOT supported by the CITS Service Desk. Advice and FAQS are provided on the link above.
Non-urgent advice: Please note:
Please note this service is for Trust Staff only and your username and password must not be shared with patients, visitors or other members of staff.
What are Phishing emails?
Phishing emails are sometimes suspicious-looking emails sent by fraudsters, often recently by organised crime gangs who masquerade as someone you trust, such as your bank, a legitimate supplier, the NHSmail team, Cornwall IT Services or even a scanner or fax machine on the NHS network in Cornwall!
What is their aim?
Their aim is to obtain information from you, e.g. your NHSmail username and password, your online banking details or the username and password you use to access a secure website. Sometimes their aim is to install a virus that will enable them to gain access to your information or to encrypt your files and hold them to ransom.
What do they look like?
Some look like genuine emails that you would typically expect to receive. Very often the fraudsters will go to great lengths to make their email look like it is genuine, including pictures from genuine websites and other links to click on that take you to the real site to lead you into a false sense of security. Most of them are unsolicited but given the fact that legitimate senders often use emails as a quick and easy means of communication the fraudsters email may arrive perhaps when you are expecting a parcel to be delivered or when an invoice is due from a supplier.
The NHSmail service blocks millions of suspect emails every day, but occasionally some do get through the filters as the people that send them continually attempt to evade the filtering system.
What Happens if I Respond to a Phishing Email?
If you respond to a suspect email or click on a link the email contains, your details could be compromised, and the fraudster could use your NHSmail account to send thousands more suspect emails to other NHSmail users.
What can I do to Avoid Getting Caught out?
- Don’t reveal your password to anyone verbally, via email or by entering it onto any website other than the NHSmail portal at http://www.nhs.net. The NHSmail team or Cornwall IT Services will never ask you for your password although in order to reset your password if you have forgotten it they might ask you for specific characters from the answers to your NHSmail security questions that you should have set.
- To help you identify untrustworthy emails, a warning message may appear at the top of any email you receive which contains a link that is confirmed as malicious, has not been verified by the NHSmail anti-virus service or appears to come from an NHSmail account when it does not.
- Treat any unsolicited email with caution, even those sent from somebody you think you know and especially any that contain an attachment or link.
- If you receive an email saying that your account needs to be ‘verified’ (or similar) which apparently comes from Cornwall IT Services, the NHSmail team, your bank, PayPal, an online auction site (e.g. eBay) or an online shopping site (e.g. Amazon) it will not be legitimate.
- Avoid clicking on links or opening attachments in emails from an unexpected or unusual source.
Microsoft Word, Microsoft Excel, Adobe Portable Document Files (PDFs) and attachments ending in .XML, .JS, .EXE, .BAT or .ZIP can all be used to install malicious software. These type of malicious attachments are known as Trojans.
- If you click on an email attachment and receive a warning that a program will run, or that macros need to be enabled DO NOT allow the program to run and DO NOT enable macros.
- Be wary of links you don’t know. These may appear to look like websites you are familiar with, but the address can be (subtly) different.
You may also see links that mask the actual address that say, for example, ‘click here‘ or have a shortened link such as ‘http://bit.ly/1S5zbI1‘
- Avoid downloading or installing additional software or web browser plug-ins such as Adobe Flash Player from untrusted websites.
What Should I do if I Think I may have Received a Suspicious Email?
- Please forward as an attachment any phishing emails that you receive to the email@example.com (if you are unsure how to do this please contact the CITS Service Desk for advice)
- If you have clicked on a link contained in a phishing email, opened an attachment from a phishing email, enabled macros, allowed a program to run or entered your NHSmail password onto a suspicious website please contact the CITS Service Desk immediately on 01209 881717. It is strongly recommended that in any of these circumstances that you disconnect your PC from the network and/or remove the power cable without shutting down the computer first. If you need assistance with this please telephone the CITS Service Desk.
If you are at all in doubt about the origin or validity of an email you receive DO NOT open it.
What can Cornwall IT Services do to Help?
The CITS Service Desk can provide advice if you receive a suspicious email that you think might be a phishing email. They can also ensure that, if it is found that you have become the victim of a phishing attack and potentially revealed your NHSmail password to a fraudster, your password is reset as well as your security questions to ensure that there is no further risk of compromise. The Service Desk provides the first point of contact if your NHSmail account has been compromised as the result of a phishing attack and can help to establish a dialogue with the relevant teams in Cornwall IT Services who can help recover your NHSmail account and record the incident and alert the relevant staff members within your organisation and help to put in place measures to prevent similar incidents occurring.
Cornwall IT Services provide local protection by ensuring that the CITS PC that you use to access your NHSmail account is:
- Running a supported and fully up-to date operating system, applications and web browser plug-ins
- Running up-to-date anti-virus products
- Enabled to access the Internet through a dedicated web gateway to help prevent you accessing malicious sites that attempt to install software onto your PC.
How to Report Spam & Phishing Messages
If you receive a spam or phishing message in your inbox it’s important that you report it to the NHSmail help desk for analysis and monitoring.
Forward the email as an attachment to firstname.lastname@example.org.
For instructions on how to forward a message as an attachment please see our guides below.
In NHSmail – Outlook Web App (www.nhs.net)
- Select the email from your inbox.
- Click on the “New mail” icon in the top left of the screen.
- Drag and drop the spam email from the email list onto the body of the new blank email.
- Enter email@example.com into the To: field.
- Enter an appropriate subject into the subject field. It’s recommended that you use spam, phishing or malicious depending on the type of email you are reporting.
- Click Send.
This video shows how to can report spam, phishing and malicious messages in NHSmail Outlook Web App:
In Outlook 2010 with Report Phishing button
- Select the email from your inbox.
- Click the Report Phishing button from the “Home” tab of the Outlook ribbon.
- Confirm the email subject and add a description.
- Click Report then Click OK.
This video shows how you can report spam, phishing or malicious messages to the NHSmail Help Desk using the Trend Micro Report Phishing button – a plugin for Outlook 2010: