Beware – Fraudsters Mimic DWP to Harvest Credit Card Info in Latest Phishing Scam

A sophisticated phishing campaign targeting UK residents has been gaining momentum since late May, with a sharp increase in activity observed throughout June.

Cybercriminals are impersonating the Department for Work and Pensions (DWP) and sending convincing SMS messages that urge recipients to claim their Winter Heating Allowance, warning them that they risk losing out on vital government support.

How the Scam Works

Victims receive a text message purporting to be an “official notice” from the DWP. The message warns that the recipient has not submitted their application for the winter heating subsidy and provides a link to a website that closely mimics the official GOV.UK portal.

The fraudulent message claims that, if eligible, recipients could receive a payment of £200 or £300 directly to their bank account, but only if they act quickly and provide personal information.

Upon clicking the link, users are directed to a fake website designed to look nearly identical to the legitimate Winter Fuel Payment page. The site requests sensitive details, including:

• Full name, address, and contact information
• Email address
• Debit or credit card information

This data is then harvested by scammers, who can use it for identity theft or to commit financial fraud.

Technical Details & Red Flags

The phishing campaign leverages several tactics to appear authentic:

• Shortened URLs: The SMS uses shortened links to obscure the proper destination, making it harder for recipients to verify legitimacy.
• Imitation of Official Language: The wording closely mirrors that of real government communications, even referencing the correct payment amounts and eligibility criteria.
• Urgency and Threat of Loss: The message warns that failing to act will result in the funds being “allocated to those in greater need,” pressuring recipients to respond quickly without due diligence.
• Fake Webpages: The fraudulent sites copy the GOV.UK branding and layout, but requests credit card details, which is something the real DWP would never do for such payments.

How to Stay Safe

• Never click on suspicious links in unsolicited messages, even if they appear official.
• Check the sender’s details and look for subtle errors in the website address.
• Remember: The DWP and other government agencies will never ask for credit or debit card details to process benefit payments.
• Report suspicious messages to Action Fraud or forward scam texts to 7726.

As phishing tactics become increasingly sophisticated, vigilance is key.

If you receive a message about government payments, always visit the official GOV.UK website directly by typing the address into your browser rather than clicking on links in messages. Stay alert and protect your personal information from fraudsters.