New Phishing Attack Impersonates DWP to Steal Credit Card Information from Users

A sophisticated phishing campaign targeting UK residents has been active since late May 2025, with a significant surge in activity during the second half of June.

This malicious operation impersonates the Department for Work and Pensions (DWP), a key UK government body responsible for welfare and pension services, by sending fraudulent SMS messages to unsuspecting individuals.

The attackers exploit the trust associated with official government communications, tricking users into revealing sensitive personal and financial information, including credit card details.

SMS Campaign Targets Vulnerable UK Residents

The phishing campaign leverages SMS as its primary attack vector, a method known as “smishing” (SMS phishing).

These messages typically contain urgent warnings about missing applications for the Winter Heating Allowance, a legitimate government benefit designed to assist eligible citizens with heating costs during colder months.

The attackers craft their texts to instill a sense of urgency, prompting recipients to act quickly without verifying the authenticity of the message.

Embedded within these SMS messages are shortened URLs, often generated through link-shortening services, which redirect users to counterfeit websites mimicking official DWP portals.

These fake websites are meticulously designed to replicate the look and feel of genuine government platforms, complete with branding and layout similarities, making it challenging for even cautious users to identify the deception.

Technical Details of the Phishing Operation

Upon landing on these malicious sites, victims are prompted to input personal details such as full names, addresses, and, critically, credit card information under the guise of completing their benefit application or verifying their identity.

This data is then harvested by cybercriminals, likely for direct financial fraud or resale on dark web marketplaces.

The use of shortened links not only obscures the destination URL but also complicates detection by traditional security tools, as the true malicious domain remains hidden until the link is clicked.

Cybersecurity experts have noted that the timing of this campaign, coinciding with heightened public awareness of winter benefits, amplifies its effectiveness, as many individuals are expecting or seeking information about such allowances.

The campaign’s persistence and scale suggest a well-coordinated effort by threat actors, potentially operating as part of a larger cybercrime syndicate.

While the exact number of affected users remains unclear, the spike in activity during June indicates a broad targeting strategy aimed at maximizing reach.

Authorities and cybersecurity firms are urging the public to remain vigilant, emphasizing that legitimate government entities like the DWP will never request sensitive information such as credit card details via unsolicited messages or links.

Users are advised to independently verify any communication by visiting official government websites directly through trusted channels, rather than clicking on links provided in SMS or emails.
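The checks described above (a shortened link that hides its destination, a host that is not under gov.uk, and a benefit lure paired with urgency wording) can be applied to an incoming SMS before anyone clicks. The following is an added example, not code from the original article; the shortener list, the keyword patterns and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions: a short list of well-known link shorteners, and gov.uk as the
# only suffix treated as official. Extend both lists for real deployments.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
OFFICIAL_SUFFIX = "gov.uk"
URL = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
LURE = re.compile(r"\b(dwp|winter heating|allowance|benefit)\b", re.I)
URGENCY = re.compile(r"\b(urgent|final notice|last chance|deadline|expires?)\b", re.I)

def is_official(host):
    # Exact match or true subdomain only, so that a host such as
    # "dwp.gov.uk.claims-portal.example" does not pass on a substring match.
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)

def triage(sms):
    """Return a list of human-readable reasons the message looks like smishing."""
    reasons = []
    for match in URL.finditer(sms):
        raw = match.group(0)
        # urlsplit only fills in the hostname when a scheme or "//" is present.
        host = urlsplit(raw if "://" in raw else "//" + raw).hostname or ""
        host = host.removeprefix("www.")
        if host in SHORTENERS:
            reasons.append(f"shortened link hides destination: {host}")
        elif not is_official(host):
            note = "lookalike of gov.uk" if "gov.uk" in host else "not a gov.uk host"
            reasons.append(f"{note}: {host}")
    if LURE.search(sms) and URGENCY.search(sms):
        reasons.append("benefit lure combined with urgency wording")
    return reasons

# Constructed sample messages (not taken from the real campaign).
SAMPLES = [
    "DWP: Final notice. We have not received your Winter Heating Allowance "
    "application. Apply now: https://is.gd/CONSTRUCTED",
    "Your claim is ready at https://dwp.gov.uk.claims-portal.example/apply",
    "Visit www.gov.uk for benefit information.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms) or ["no indicators"], "<-", sms[:40])
```

A shortened link is flagged rather than followed, because resolving it means contacting attacker-controlled infrastructure; resolution belongs in an isolated analysis environment.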

This incident underscores the growing sophistication of phishing attacks and the critical need for public awareness around cybersecurity best practices.

As smishing continues to evolve as a preferred tactic for cybercriminals, individuals must exercise caution with unsolicited messages, especially those invoking urgent action or financial transactions.

Staying informed and skeptical of unexpected communications can serve as the first line of defense against such deceptive and harmful schemes.
