#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 13°C Sunday 20 June 2021
Advertisement

Debunked: Messages shared on WhatsApp claim that scammers are calling people with their HSE data

Different versions of the message have appeared in recent days.

MESSAGES CIRCULATING ON WhatsApp claim that people are getting calls from scammers who purport to have personal data about them – including information about their medical appointments.

Different versions of the message have been forwarded to WhatsApp users and into groups over the past week or so, following a cyber attack on the HSE.

Here’s one version of the message:

HSE message Source: WhatsApp

Other iterations of this message mention similar details: someone gets a call from a Dublin phone number purporting to be from the HSE, and is told their date of birth, PPS number and medical information, along with a request for their bank details.

The message bears all the hallmarks of a normal WhatsApp rumour: it’s a forwarded text from an unknown source who gives details that are specific enough to be concerning and believable, but vague enough that they’re difficult to verify.

The Journal has debunked messages with these characteristics before, particularly at the start of the Covid-19 pandemic (though such rumours are not limited to health issues). 

The fact that re-worded versions of the same message are being forwarded on WhatsApp is also suspicious. But that doesn’t mean it should be ignored completely.

The process that’s described is the exact type of thing that people should be wary about following the HSE hack.

It’s impossible to say whether the scam is actually happening to people in Ireland, and we have not heard from anyone directly who has received this type of call.

A spokesperson for the HSE would not confirm whether it had received any reports of scam calls like the one described on WhatsApp, forwarding queries from The Journal to gardaí.

But last week, HSE CEO Paul Reid said there was “no doubt” that fraudsters who don’t actually have patients’ data are using the attack as an opportunity to try and defraud people.

He said that fraudsters were “leveraging off the fear” that people have about the hack and potential data breaches and were contacting people trying to get more information from them.

Gardaí would also not say whether people had received calls of this nature since the cyber attack on the HSE earlier this month, and a statement said that investigators had not confirmed whether reports of personal data being leaked were genuine.

However, a garda spokesperson said the leaking of personal data was a common feature of attacks like the one experienced by the HSE.

“An Garda Síochána has encouraged people who have reason to suspect they are victims of cyber related crime, particularly the recent criminal cyber attack of the HSE, to make a report at their local garda station or the Garda Confidential Line,” a statement said.

Gardaí have also urged the public not to forward any anonymous content to others, particularly on social media messaging apps such as WhatsApp, saying that such messages proliferate the spread of misinformation and can cause fear amongst people.

NO REPRO FEE HSE weekly update 005 Paul Reid: suggested fraudsters may take advantage of worries over the HSE cyber attack Source: Leon Farrell/Photocall Ireland

What to do if you suspect someone is trying to scam you

Of course, if your personal data has been dumped on the internet (and even if it hasn’t been), it’s entirely possible that you’ll be contacted by a scammer trying to get information from you.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

This may happen differently to how it’s described in the WhatsApp message above: it could be an Irish mobile number instead of a Dublin landline, or the person might not even say they have your personal data. It might not be a caller at all.

Regardless, if you think something is suspicious – or if anyone ever gets in touch asking you for personal data over the phone or over a screen – it’s always helpful to remember a few things. 

If you are contacted out of the blue by someone who claims to have your data and asks you for your bank account details or PPS number, do not engage with them and do not give them any personal information.

If a caller rings you unprompted and claims to be from an organisation you deal with, like your bank or a hospital, end the call and check the organisation’s number online - then call it back to see if the call came from the organisation.

If you receive an unexpected text or an email with a request for your bank details or PPS number, do not click on any links.

And if you do think you’ve given scammers your personal information, call gardaí on the Garda Confidential Line (1800 666 111) or at your local garda station.

Last week, the HSE also issued its own warnings about the cyber attack.

CEO Paul Reid said the HSE would not contact people looking for their PPS number proactively, and urged anyone with suspicions about a phone call purporting to be from the HSE to contact gardaí.

The Journal’s FactCheck is a signatory to the International Fact-Checking Network’s Code of Principles. You can read it here. For information on how FactCheck works, what the verdicts mean, and how you can take part, check out our Reader’s Guide here. You can read about the team of editors and reporters who work on the factchecks here

Have you gotten a message on WhatsApp or Facebook or Twitter about coronavirus that you’re not sure about and want us to check it out? Message or mail us and we’ll look into debunking it. WhatsApp: 085 221 4696 or Email: answers@thejournal.ie

Read next:

COMMENTS