Since late May, a #phishing campaign impersonating @DWPgovuk has been circulating via SMS using shortened links leading to fake government websites, peaking in the second half of June. The researchers noted that the campaign utilizes shortened URLs to obscure the malicious destination, leading unsuspecting victims to convincing replica websites that closely mimic official DWP portals. A sophisticated phishing campaign targeting UK citizens has emerged, masquerading as official communications from the Department for Work and Pensions (DWP) to steal sensitive financial information. Once victims navigate to these malicious sites, they encounter forms requesting comprehensive personal information including credit card details, banking information, and identity verification data under the guise of processing benefit applications. The campaign, which has been active since late May 2025, represents a significant escalation in social engineering attacks against British residents, exploiting concerns about government benefits and seasonal allowances. Gen Threat Labs analysts identified the campaign’s peak activity occurring in the second half of June 2025, indicating a coordinated effort to maximize impact during a period when citizens would be most concerned about heating allowances. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The attack leverages SMS messaging as its primary vector, distributing fraudulent messages that warn recipients about missing Winter Heating Allowance applications. The attackers register domains that closely resemble legitimate government websites, utilizing techniques such as typosquatting and homograph attacks. These messages create a sense of urgency by suggesting that immediate action is required to avoid losing crucial financial support during the winter months. These fraudulent sites are designed with meticulous attention to detail, incorporating official DWP branding, logos, and layout structures to establish credibility. They enable the attackers to track click-through rates, analyze victim demographics, and implement conditional redirects based on user-agent strings or geographic locations. This data collection allows the threat actors to refine their targeting strategies and optimize conversion rates for their credential harvesting operations. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 05 Jul 2025 12:00:14 +0000