Scam Alert: New NHS Prescription Phishing Scam Sweeping Inboxes

 

It’s the start of the week, and scammers are already hard at work trying to exploit our trust in the NHS. We’ve seen a surge in a particular phishing email today that claims to offer a "simple" way to order NHS prescriptions online.

While the NHS does offer legitimate digital services, this specific email is a malicious scam designed to steal your personal information or financial details. Here is what you need to look out for.

---

The Anatomy of the Scam

The email, which often carries the subject line "TR: Save Time on NHS Medications IT," looks professional at a quick glance, but several red flags reveal its true nature:

• Suspicious Sender Address: The email claims to be from "UK Pharmacy Subscription Notice IT," but the actual email address is a random string of characters from a Hotmail account (avrom-158jerrold_145.carter@hotmail.com). Official NHS communications will always come from an @nhs.net or @nhs.uk domain.

• Vague Branding: While it mentions "NHS Prescriptions," the layout is generic. It lacks the official NHS logo, a registered pharmacy name, or a physical address—all of which are legal requirements for UK pharmacies.

• Urgency and Convenience: Phishing scams often use "Save Time" or "Register Now" buttons to rush you into clicking before you’ve had a chance to think.

• The "Unsubscribe" Trap: In many of these emails, even the "Unsubscribe" link is a trap used to verify that your email address is active, leading to even more spam.

---

Why is this dangerous?

If you click the "Register Now" button, you will likely be taken to a spoofed website that looks like an NHS login page. Scammers use these sites to harvest:

1. Your NHS login credentials.

2. Personal details (Name, DOB, Address).

3. Payment information for "delivery fees" or "pre-payment certificates."

---

How to Stay Safe

• Don’t Click: If you receive this email, do not click any links and do not download any attachments.

• Check the Sender: Always tap or click on the sender's name to see the full email address. If it’s a personal account (like Hotmail, Gmail, or Outlook), it is a scam.

• Use Official Channels: To order prescriptions online safely, always use the official NHS App or the website of a well-known, high-street pharmacy you trust.

• Report It: You can forward suspicious emails to the National Cyber Security Centre at report@phishing.gov.uk.

Stay vigilant and share this with friends or family members who might be less tech-savvy. Scammers rely on us being in a hurry—taking thirty seconds to check the sender's address can save a lot of heartache.

 

How to screen calls and avoid scams

You don’t need extra apps or technical know-how to fight scam calls, as your smartphone already has features designed to stop them.

If you own an Android, you can use Google Assistant to screen calls automatically. Similarly, iPhone users can try Apple's Call Screening feature. Our tech expert Tom Morgan talks you through how to do this, step by step – and he has tips for landlines, too.

If you'd benefit from 1-to-1 help with your smartphone or other tech products, you can join Which? Tech Support and chat to our friendly experts on the phone or by email, as often as you need. Find out more about what a membership offers and get a £20 Richer Sounds gift card if you join by 2 February. 

Source: Which? (22 Jan 2026)

Getting rid of a PC? Keep your data safe

If you're getting rid of an old Windows 10 computer, make sure you completely wipe your data. Otherwise, your personal files, passwords and photos could fall into the wrong hands.

We take you through the process of resetting your Windows 10 PC while keeping your files and data safe and secure – it's easier than you might think.

Source: Which? (21 Jan 2026)

Password reset emails: how to tell if they're genuine

Instagram users are receiving emails from the platform telling them to reset their passwords. And because users didn’t request password changes, the emails have prompted worry and confusion.

We investigated the emails and found this particular instance to be genuine. Our advice if you receive an email like this: log in to your account via the platform’s official website or app and change your password that way.

Source: Which? (22 Jan 2026)

Community Event: Tackling Violence Against Women and Girls in Slade Green

Community Event: Tackling Violence Against Women and Girls in Slade Green

 

The Bexley Community Safety Partnership (BCSP) is inviting all residents and regular visitors of Slade Green to a vital engagement forum focused on the safety of women and girls in our community.

This is a dedicated space for you to voice your concerns, ask questions, and hear directly from the people responsible for keeping our streets safe. Whether you have specific safety concerns or simply want to learn more about the work being done in your area, your presence is highly valued.

Event Details

• Date: Wednesday 28th January 2026

• Time: 5:00pm – 8:00pm

• Location: Orchard House, Orbit Hub, Slade Green, DA8 3PY

• Suitability: Families and children are more than welcome to attend.

Why should you attend?

This forum is a collaborative effort bringing together key local figures and organisations, including:

• The Police

• Bexley Council

• Local Services

• Your Ward Councillors

The evening is designed to be an open dialogue where you can obtain practical information and advice on gender-based safety, stay informed about ongoing local initiatives, and ensure that the voices of Slade Green residents are heard at a leadership level.

Find out more

For further information regarding the work being done to combat violence against women and girls (VAWG) in Bexley, please visit the official website: 👉 www.bexley.gov.uk/vawg

Scam Alert: Don’t Fall for the "Pharmac4U" Prescription Phishing Email

Scam alert: "Pharmac4U" Prescription Phishing Email

 

There is a new phishing email circulating in the UK targeting people who manage their NHS prescriptions online. Using the names of well-known services like Pharmacy2U, scammers are trying to trick patients into clicking a malicious "Register" button.

Here is what you need to look out for to keep your data safe.

The Red Flags: How to Spot the Fake

Looking at the screenshot provided, there are several immediate "tells" that this is a scam:

• The Sender Address: While the name says "Repeat Prescriptions UQ," the actual email address is a random Hotmail account (jecho_jed@hotmail.com). A legitimate NHS-affiliated service would use an official domain (e.g., @nhs.net or @pharmacy2u.co.uk).

• Inconsistent Branding: The header of the email says "Message from Pharmac4U," but the body text mentions "Pharmacy2U." This inconsistency is a major red flag; professional companies do not get their own names wrong.

• Generic Language: The email uses broad, generic phrases like "Skip the pharmacy queues." While Pharmacy2U is a real, registered service, scammers often "spoof" their name to gain your trust.

• The "Register" Button: This is the trap. Clicking this button likely leads to a fake website designed to harvest your name, address, date of birth, and potentially your GP details or payment information.

Why This Scam is Dangerous

Because many of us legitimately use online pharmacies to manage repeat prescriptions, an email like this can look "normal" at first glance. Scammers rely on us being in a hurry and clicking without checking the sender’s details.

How to Protect Yourself

1. Check the Sender: Always tap on the sender's name to see the full email address behind it. If it looks like a personal account or a string of random letters, delete it.

2. Go Direct: If you want to register for an online pharmacy, never click a link in an unexpected email. Instead, type the address directly into your browser (e.g., www.pharmacy2u.co.uk) or use the official NHS App.

3. Look for Typos: Misspellings like "Pharmac4U" are deliberate or careless mistakes that legitimate companies rarely make.

What to Do if You Receive This

• Do Not Click: Don’t click the "Register" button or any links within the email.

• Report It: You can forward suspicious emails to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk.

• Delete: Once reported, delete the email and empty your trash folder.

Stay vigilant and share this with friends or family members who might be expecting a prescription notification!

Blue Badge Holders: Unlocking Free Passage Through Blackwall & Silvertown Tunnels (A Guide to the Exemption Process)

Let's be honest, navigating London's road charging schemes can feel like a labyrinth, and the new Silvertown Tunnel joining its older sibling, Blackwall, means even more to consider. For Blue Badge holders, there's a valuable 100% exemption available, but the application process can sometimes feel a bit… well, let's just say "unnecessarily complicated."

Many Blue Badge holders, or those who drive them, run into a snag trying to link the exemption to their existing London Road User Charging account. The common frustration? TfL's system is quite particular about whose name is on the account when applying for this specific discount.

The Golden Rule: The Blue Badge Holder is the Account Holder

Here's the crucial takeaway that often catches people out: The 100% discount for Blue Badge holders must be applied for through a London Road User Charging account set up IN THE NAME OF THE BLUE BADGE HOLDER.

It doesn't matter if you're the main driver, the spouse, or the family member managing all the household bills. For this specific exemption, TfL needs to see the Blue Badge holder's name as the primary account holder.

Why This Confusion Happens

Often, people try to add the Blue Badge holder's details as a "secondary user" or try to upload the badge onto an account already registered in someone else's name (e.g., the driver's). The system, designed to prevent fraudulent use of Blue Badges, sees this mismatch and will likely reject the application, asking for the details to be submitted by the main account holder – which isn't possible if the main account holder isn't the Blue Badge holder!

Your Step-by-Step Guide to a Smooth Application

To ensure a fuss-free exemption for the Blackwall and Silvertown tunnels, follow these steps:

1. If You've Already Applied Incorrectly:

   • You'll likely receive a rejection and a refund of the £10 registration fee. Wait for this to process. Trying to push it through will only delay things.

2. Create a BRAND NEW Account (in the Blue Badge Holder's Name):

   • Go to the official TfL London Road User Charging website.

   • Crucially, start a new registration process using the full name and date of birth of the Blue Badge holder. This is paramount.

   • You can use your own email address if you manage their affairs, but the personal details must match the Blue Badge.

3. Apply for the "Blue Badge 100% Discount":

   • Once the new account is active, navigate to the exemptions/discounts section.

   • Select the "Blue Badge" exemption.

   • Upload Clear Photos: You'll need to upload clear, legible photos of both the front and back of the Blue Badge.

   • Proof of ID: You'll also need to provide proof of identity for the Blue Badge holder (e.g., passport, driving license). Ensure the name on the ID matches the Blue Badge and the new account.

   • Pay the £10 Registration Fee: This is a one-off fee, not an annual charge.

4. Register Your Vehicle(s):

   • Once the Blue Badge exemption is approved (TfL will notify you, usually within 10 working days, but sometimes quicker), you can register up to two vehicles on this account.

   • Add the vehicle(s) that the Blue Badge holder will be travelling in when using the tunnels.

   • Important: Once your vehicle(s) are linked to an active Blue Badge exemption, they will be recognised by the tunnel ANPR cameras as exempt.

5. Managing the Account (Optional):

   • If you're the primary driver or manager, you can add yourself as an "Authorised User" to the Blue Badge holder's account. This allows you to manage payments, check exemptions, and receive notifications.

   • If you had the exempt vehicle on your own Auto Pay account, it's a good idea to remove it once the Blue Badge exemption is confirmed. While the exemption should override any charges, it simplifies things and avoids potential confusion.

In Summary

While the system might seem a bit convoluted, remember that it's designed to protect the integrity of the Blue Badge scheme. By setting up the account directly in the name of the Blue Badge holder, you're aligning with TfL's requirements and paving the way for smooth, charge-free journeys through the Blackwall and Silvertown Tunnels.

there are several relevant links on the TfL website. Because the Blackwall and Silvertown tunnel charges are part of the same system as the Congestion Charge, you use the same "Blue Badge 100% Discount" application process.

----------------------------------------------------------------------------------------

The most important link for you is the "Before you begin" page, which explicitly states that an account must be in the Blue Badge holder's name.

1. The Main Application Page

• TfL: Blue Badge Discount – Before You Begin

  • Crucial Note from this page: "Before you apply for the Blue Badge discount, you need to set up a London Road User Charging account... in the name of the Blue Badge holder."

2. If You are Applying for Someone Else

If you are managing the account for the Blue Badge holder, TfL provides a specific page for "proxy" applications:

• TfL: Apply for Blue Badge Discount on behalf of someone else

  • This page includes the Authorisation Form you may need to download and sign if you want to be the one legally managing the account while keeping it in their name.

3. General Information on Tunnel Charges & Exemptions

• TfL: Paying the Blackwall and Silvertown Tunnels Charge

  • This page confirms that Blue Badge holders receive a 100% discount but must be registered with TfL to get it. It also explains that if you already have an active Blue Badge discount for the Congestion Charge, it will automatically apply to the tunnels.

Summary of What You Need to Upload:

When you create the new account in the Blue Badge holder's name and apply via the links above, you will need:

• Both sides of the Blue Badge.

• Proof of Identity (one of: Passport, Driving Licence, Birth Certificate, or a Pension/Benefit letter less than 7 months old).

• Authorisation Form (if you are the one applying on their behalf).

Tip: Once the new account is approved, you can add up to two vehicles to it. Once added, those vehicles are "whitelisted" by the cameras and you won't need to do anything else when driving through the tunnels.

Scamarama: Don’t Let Fraudsters Take the Reins of Your Screen

In an age where we do almost everything online, scammers are finding more invasive ways to get to our hard-earned money. One of the most effective methods currently doing the rounds is the screen sharing scam.

The Financial Conduct Authority (FCA) is urging consumers to stay vigilant. But what exactly are these scams, and how can you spot the red flags before it’s too late?

---

What is a Screen Sharing Scam?

A screen sharing scam is a tactic used by criminals to view your private information or gain direct access to your bank accounts. By convincing you to share your screen, they can watch you type passwords, access sensitive documents, and even initiate money transfers right in front of your eyes.

Criminals often initiate contact in several ways:

• Out of the blue: Direct messages on social media or unexpected phone calls.

• Search Engine Traps: Fake contact details for legitimate companies or "too good to be true" investment opportunities appearing in search results.

The "Helpful" Hustle

Once they have you on the line, the scammer will try to build trust. They might pose as a helpful technician, a banking official, or a savvy investment broker.

To "help" you, they will ask you to download legitimate software—tools you may have used for work or to chat with family, such as AnyDesk, Microsoft Teams, TeamViewer, or Zoom. Because the software itself is reputable, many people feel a false sense of security.

The Golden Rule: The scam can only happen if you download the software and grant them control. Once they’re in, your personal information and financial accounts are an open book.

---

Red Flags to Watch Out For

• Unsolicited Contact: If a firm or individual contacts you out of the blue, treat it with extreme suspicion.

• The Screen Share Request: No legitimate financial firm will ever ask to remotely access your computer or phone to process an investment or help with a banking issue.

• High Pressure: Scammers use "ticking clock" tactics to make you act before you think.

• Unrealistic Returns: If an investment opportunity sounds too good to be true, it almost certainly is.

---

How to Protect Yourself

1. Never Share Your Screen: Even if you were the one who searched for the company online, never grant remote access to your device.

2. Verify via the FCA: Only deal with financial services firms authorised by the FCA. Use the FCA Firm Checker to confirm their status.

3. Use Official Contact Details: If you need to speak to a firm, only use the phone number or email address listed on the FCA Firm Checker—not the details provided in an email or by a caller.

4. Check the Warning List: Consult the FCA Warning List to see if a company is known for operating without authorisation.

If Things Go Wrong

If you suspect you’ve been targeted or have already shared your screen, take action immediately:

• Report it: Contact the FCA on 0800 111 6768 or via their online contact form.

• Alert your bank: If you've shared access, call your bank immediately to freeze your accounts.

• Watch for "Recovery Scams": Fraudsters often sell victim lists to other criminals. Be wary of follow-up calls claiming they can recover your lost money for a "small fee"—this is simply the next phase of the scam.

Before making any big financial moves, consider getting independent advice from MoneyHelper or exploring the FCA’s InvestSmart pages to help you stay in control of your money.

3 phone scams to watch out for right now

The average person in the UK receives eight scam calls a month. Some of the most common ones will impersonate your bank in a bid to convince you that your account has been compromised. But any cold call should be treated with extreme caution, as scammers can be incredibly convincing.

Take a look at three that are currently doing the rounds and read our expert tips on how to stay safe.

Source: Which? (14 Jan 2026) 

Our latest scam warnings

Our dedicated team of fraud experts are always on the lookout for scams targeting people across the UK.

Recent tactics to be aware of include an EE points scam and a dodgy NatWest email. Check out the full list, based on your reports to our Which? Scam Action Alerts Facebook community and scam sharer tool. 

Source: Which? (12 Jan 2026) 

5 holiday rental rip-offs to watch out for

Falling victim to a holiday booking mishap could leave you out of pocket or scrambling for somewhere else to sleep at the last minute.

We’ve shared the five biggest accommodation rip-offs – from fake listings to double bookings. Some are scams, others are booking errors – but all of them have the potential to ruin a much-anticipated trip away. 

Source: Which? (07 Jan 2026) 

House fire – Bexleyheath 🔥

Firefighters are sharing their candle safety advice after a house fire on Northall Road in Bexleyheath.  

Part of the ground floor of a semi-detached house was damaged by fire. There were no reports of any injuries. 

The fire is believed to have been accidental and caused by an unattended candle too close to combustible items.    

A London Fire Brigade spokesperson said: "Candles are one of the most common causes of fires in the home and you should be careful when using them.  

"This is a timely reminder to never leave candles unattended and keep them away from anything that could catch fire such as curtains, furniture or clothes.  

"We recommend swapping traditional candles for LED flameless ones as they are much safer, but if you do use real candles, follow our simple safety tips.  

“Firefighters recommend that you have a look at our online Home Fire Safety Checker to make sure there are no hidden hazards in your home.     

“The online tool will ask you a series of questions that will help us work out the level of risk in your home, or the home of someone you care for. It only takes a few minutes to get tailored advice to keep yourself and loved ones safe from fire.” 

The Brigade’s Control Officers were called at 1242 and sent four fire engines and around 25 firefighters from Bexley, Erith and Plumstead fire stations to the scene. The fire was under control by 1355.

Source: LFB (10/01/2026)  

🛡️ Stay Connected: Join the Bexley Borough Neighbourhood Watch Today

As we move forward into 2026, our mission remains clear: to build a safer, more vigilant community across the entire Borough of Bexley. To help us achieve this, we have streamlined how you can receive alerts and report local activity.

Whether you live in Sidcup, Erith, Bexleyheath, Welling or Crayford, your participation makes our borough stronger.

Two Simple Ways to Join & Stay Alert:

1. Visit our Digital Hub Click the link below to access our official Linktree. From here, you can sign up for the blog, report concerns, or subscribe to regular safety alerts across the borough: 👉 linktr.ee/bbnwa

2. Scan the QR Code If you are viewing this on a desktop, simply open your phone’s camera and point it at the QR Code in our sidebar. It will take you directly to our sign-up and reporting tools.

 

Scan QR code or visit inktr.ee/bbnwa

---

Why Join the BBNWA?

• Borough-Wide Alerts: Stay informed about incidents or scams targeting residents across all of Bexley.

• Direct Reporting: Quick access to the right channels for reporting non-emergency concerns.

• A Unified Network: A watched street is a safer street. Join thousands of your neighbours in keeping our borough secure.

Remember: If you see something, say something. Use our Linktree hub to stay vigilant and stay connected.

— The BBNWA Team

Bexley Crime stats ward summary Dec 2025

Source: Bexley Watch Viz

Warning: The 'Cloud Space' Storage Scam – Don’t Get Hooked

Have you recently received an email warning you that your "Cloud Space" is running low or that your files might be "lost" without an active subscription? If so, you aren't alone.

A new wave of phishing emails is hitting inboxes, preying on our fear of losing precious photos and documents. Here is a breakdown of how this specific scam works and the "red flags" you need to look out for.

The Anatomy of the Scam

The goal of this email is simple: to make you panic and click the "Increase Storage" button. Once you click, you are likely directed to a fake login page designed to steal your password, or a payment page intended to harvest your credit card details.

5 Red Flags Found in This Email

1. The "From" Address Doesn't Match The email displays the name "Cloud space," but look closely at the actual email address: alasteir_886aylmer-332... @outlook.com. A legitimate service like Google Drive, iCloud, or Dropbox will always email you from their official corporate domain (e.g., @https://www.google.com/search?q=google.com or @dropbox.com), never a random Outlook or Gmail account.

2. Artificial Urgency Phrases like "Without an active subscription, your files could be lost" are designed to make you act quickly without thinking. Scammers rely on fear to bypass your better judgement.

3. Vague Branding The email refers to "Cloud space" and "Drive Port access" rather than a specific company. Legitimate companies spend millions on branding; they won't forget to include their own logo or name in a billing alert.

4. Generic Greeting Notice that the email doesn't address you by name. It uses a blank "Customer" field or simply targets your email address. Real service providers usually address you by the name on your account.

5. Too Good to be True The offer in the screenshot claims a "10 TB Data" plan with an "80% Off" discount. If a deal for massive amounts of storage seems incredibly cheap and arrives out of the blue, it’s almost certainly a trap.

---

What to do if you get this email:

• Do NOT click any links: This includes the "Unsubscribe" link at the bottom, which is often used by scammers to confirm your email address is active.

• Check your account manually: If you’re worried about your storage, go directly to the official website (e.g., drive.https://www.google.com/search?q=google.com) or use the official app on your phone to check your status.

• Report and Delete: Mark the email as "Spam" or "Phishing" in your inbox settings, then delete it.

Stay safe online – if in doubt, check it out (properly)!

🚨 NEIGHBOURHOOD ALERT: STOLEN VEHICLE & BABY GEAR: Montrose Avenue, Welling (DA16) 🚨

A local resident of Montrose Avenue is appealing for help after their car was stolen from outside their home yesterday evening (Friday, 9th Jan) between 20:08 and 20:16.

The vehicle is a Blue 2015 Ford Fiesta Titanium X (Reg: MD65 CBU).

Stolen blue Ford Fiesta - MD65 CBU

In addition to the vehicle, the family is devastated as their baby’s Nuna Swiv pram and Nuna car seat were also inside.

🎥 CCTV / Ring Doorbell Appeal

Residents on Montrose Avenue, Welling Way, and the surrounding areas are asked to check their cameras for the time window between 20:00 and 20:30.

Information is needed regarding:

1. The blue Fiesta (MD65 CBU) being driven away.

2. Any suspicious vehicles or individuals seen "scouting" the street in the minutes leading up to the theft.

Vehicle Details:

• Model: Blue Ford Fiesta Titanium X (2015)

• Registration: MD65 CBU

• Crime Ref: 01/7033914/26

If you see this car abandoned in a nearby street, or if you spot the Nuna pram or car seat for sale on local marketplaces, please contact the police on 101 or report it anonymously to Crimestoppers at 0800 555 111.

Please stay vigilant and ensure all vehicles are securely locked, as thieves appear to be active in this specific part of Welling.

How to avoid identity theft

'Identity theft' is when personal details are stolen, and 'identity fraud' is when those details are used to obtain goods or services by deception.

Identity thieves can steal your personal information in several ways, including buying details from the dark web (a hidden and unregulated part of the internet). But there are things you can do to reduce the risk of it happening to you.

Source: Which? (06 Jan 2026) 

Why cancelling your card might not stop fraud

Did you know a fraudster can sometimes keep spending on your card even after you’ve cancelled it and received a replacement? Which? senior researcher Faye Lipson didn't, until it happened to her.

Here's how it can occur and what you can do to protect yourself.

Source: Which? (08 Jan 2026) 

Beware of Amazon 'one-time passcode' scams

Cold-calling fraudsters are impersonating Amazon and claiming that there's been fraudulent activity on your account. This is known as the 'one-time passcode scam' as the scammers use key information they already have on you to convince you to grant them access to your Amazon account.

Find out how this Amazon scam works and how you can spot, avoid and report it. 

Source: Which? (07 Jan 2026)