A sophisticated phishing campaign using copies of pages from the GOV.UK website is being used to target businesses and consumers, security researchers have warned.
The campaign, dubbed “NotGOV” by analysts at security vendor Kaspersky, has the potential to affect thousands of users by luring them to illegitimate pages for services including tax returns, export licence applications, and cost of living payment support forms. Victims are sent bogus phishing emails, purporting to be from government departments and directing them to malicious pages.
GOV.UK is the main portal through which citizens and businesses access government support and services. Operated by the Government Digital Service, its products are used by more than 13 million people each week.
How the GOV.UK phishing scam works
Kaspersky believes the NotGOV campaign has been active since November, and the criminals behind the scheme are thought to have already successfully stolen a significant volume of information from victims. Compromised data including “full names, email addresses, mobile numbers, home addresses, dates of birth, and financial information including credit card numbers, expiry dates and CVV numbers” has been stolen, Kaspersky said.
David Emm, principal security researcher at Kaspersky, said the campaign is “as dangerous as it is unique” because it focuses “on a range of targets who are reliant on government support, from small to medium-sized businesses through to the most vulnerable in our society”.
Emm said: “The level of detail and scale of services being mimicked means that there are numerous ways this scam is catching people off guard. Phishing normally targets lots of individuals for relatively small amounts of information or money, but this is a very carefully crafted campaign that requires an extremely high degree of caution on the part of the recipient.”
Kaspersky researchers found several spoofed pages closely resembling legitimate GOV.UK forms. Users are being contacted by email and directed to the fake pages.
The scam is “almost certainly designed to coincide with an annual surge in GOV.UK users” over the Christmas period, the security vendor added, with cybercriminals using email and text message campaigns that create a sense of urgency, curiosity, and fear in victims. Many people complete their tax returns online during the holiday season.
Phishing scams get more sophisticated
As reported by Tech Monitor, cybersecurity experts are increasingly concerned that businesses are not well equipped to deal with phishing attacks, particularly as generative AI allows criminals to launch more complex and realistic campaigns.
Emm added: “NotGOV shows that criminals are learning from their mistakes and are now capable of creating highly accurate imitations of legitimate email communications to defraud people of their personal information.”
He said that “to remain safe, we must move beyond simply relying on spotting mistakes in text or images”, and added: “There needs to be a root and branch review of the regulations around official communication methods and channels, but also a total reshaping of people’s behaviour.
“Simply put, if you receive any sort of message encouraging you to click, don’t. Manually search for the information and navigate your own way around a website. It may take longer, but it will keep you safe.”
A government spokesperson said: “We closely monitor online channels to ensure that any websites using protected government branding, or incorrectly claiming to be affiliated with government, are reported and, if not resolved, taken down.”
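The practical defence described above is to treat any emailed link with suspicion and to check where it really leads. The following Python script is an added illustration, not code from Kaspersky or the article: it pulls links out of an email body and classifies each one by whether its host is genuinely gov.uk or a subdomain of it, a lookalike that merely contains "gov" wording or hides a decoy in the user-info part of the URL, or something unrelated. All sample links below are constructed placeholders on reserved example domains, not indicators from the campaign.

```python
import re
from urllib.parse import urlsplit

# The only hosts that count as legitimate: "gov.uk" itself or a label-aligned
# subdomain of it. Matching on the dot boundary means "gov.uk.example" and
# "gov-uk.example" can never pass.
GOV_UK = "gov.uk"
LINK_RE = re.compile(r"https?://[^\s<>\"')]+")


def classify_link(url: str) -> str:
    """Return 'legitimate', 'suspicious' or 'other' for a single URL."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "other"
    if host == GOV_UK or host.endswith("." + GOV_UK):
        # GOV.UK serves over https; a plain-http link to it is still worth a look.
        return "legitimate" if parts.scheme == "https" else "suspicious"
    # A "user@host" URL whose user part looks like a domain, a punycode (xn--)
    # label, or any label containing "gov" is a heuristic lookalike signal.
    labels = host.split(".")
    if parts.username or any(l.startswith("xn--") for l in labels):
        return "suspicious"
    if any("gov" in l for l in labels):
        return "suspicious"
    return "other"


def triage_email(body: str) -> dict:
    """Map every link found in an email body to its classification."""
    return {link: classify_link(link) for link in LINK_RE.findall(body)}


# Constructed sample message; every domain here is a placeholder.
SAMPLE_EMAIL = """Your self-assessment return is overdue.
Submit now at https://www.gov.uk.tax-portal.example/return
or confirm your details: https://www.gov.uk@verify-account.example/login
Official guidance: https://www.gov.uk/self-assessment-tax-returns
Unsubscribe: https://newsletter.example/opt-out
"""

if __name__ == "__main__":
    for link, verdict in triage_email(SAMPLE_EMAIL).items():
        print(f"{verdict:11} {link}")
```

Only links classified as legitimate point at the real site; everything flagged suspicious should be reached, if at all, by typing the GOV.UK address yourself rather than clicking.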