View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 14, 2023

Businesses among targets of ‘dangerous and unique’ GOV.UK phishing scam

Bogus web pages set up to look like official government forms are being used to harvest personal data.

By Matthew Gooding

A sophisticated phishing campaign using copies of pages from the GOV.UK website is being used to target businesses and consumers, security researchers have warned.

GOV.UK is the latest website to be spoofed in a phishing scam. (Photo by Piotr Swat/Shutterstock)

The campaign, dubbed “NotGOV” by analysts at security vendor Kaspersky, has the potential to affect thousands of users by luring them to illegitimate pages for services including tax returns, export licence applications, and cost of living payment support forms. Victims are sent bogus phishing emails, purporting to be from government departments and directing them to malicious pages.

GOV.UK is the main portal through which citizens and businesses access government support and services. Operated by Government Digital Service, its products are used by more than 13 million people each week.

How the GOV.UK phishing scam works

Kaspersky believes the NotGOV campaign has been active since November, and the criminals behind the scheme are thought to have already successfully stolen a significant volume of information from victims. Compromised data including “full names, email addresses, mobile numbers, home addresses, dates of birth, and financial information including credit card numbers, expiry dates and CVV numbers” has been stolen, Kaspersky said.

David Emm, principal security researcher at Kaspersky, said the campaign is “as dangerous as it is unique” because it focuses “on a range of targets who are reliant on government support, from small to medium-sized businesses through to the most vulnerable in our society”.

Emm said: “The level of detail and scale of services being mimicked means that there are numerous ways this scam is catching people off guard. Phishing normally targets lots of individuals for relatively small amounts of information or money, but this is a very carefully crafted campaign that requires an extremely high degree of caution on the part of the recipient.”

Kaspersky researchers found several spoofed pages closely resembling legitimate GOV.UK forms. Users are being contacted by email and directed to the fake pages.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Kaspersky has shared details of the fake GOV.UK web pages used in the phishing scam. (Image by Kaspersky)

The scam is “almost certainly designed to coincide with an annual surge in GOV.UK users” over the Christmas period, the security vendor added, with cybercriminals using email and text message campaigns that create a sense of urgency, curiosity, and fear in victims. Many people complete their tax returns online during the holiday season.

Phishing scams get more sophisticated

As reported by Tech Monitor, cybersecurity experts are increasingly concerned that businesses are not well equipped to deal with phishing attacks, particularly as generative AI allows criminals to launch more complex and realistic campaigns.

Emm added: “NotGOV shows that criminals are learning from their mistakes and are now capable of creating highly accurate imitations of legitimate email communications to defraud people of their personal information.”

He said that “to remain safe, we must move beyond simply relying on spotting mistakes in text or images”, and added: “There needs to be a root and branch review of the regulations around official communication methods and channels, but also a total reshaping of people’s behaviour.

“Simply put, if you receive any sort of message encouraging you to click, don’t. Manually search for the information and navigate your own way around a website. It may take longer, but it will keep you safe.”

A government spokesperson said: “We closely monitor online channels to ensure that any websites using protected government branding, or incorrectly claiming to be affiliated with government, are reported and, if not resolved, taken down.”

Read more: Bogus phishing emails exploit cost of living crisis

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.