Kaspersky experts have identified a sophisticated copycat phishing campaign targeting users of the GOV.UK website.
Active since November, the NotGOV campaign has the potential to affect thousands of users by luring consumers to illegitimate GOV.UK web pages including tax returns, export licence applications, and cost of living payment support forms.
Launched in 2015 and now part of the UK’s national infrastructure, GOV.UK helps millions of people find the government services and information they need every day.
The newly identified campaign is understood to have already successfully stolen a significant volume of information from victims since it was launched in November, with compromised data including full names, email addresses, mobile numbers, home addresses, dates of birth, and financial information including credit card numbers, expiry dates and CVV numbers.
“This campaign is as dangerous as it is unique, focusing on a range of targets who are reliant on Government support, from small to medium sized businesses through to the most vulnerable in our society,” said David Emm, Principal Security Researcher, Kaspersky.
“The level of detail and scale of services being mimicked means that there are numerous ways this scam is catching people off guard.
“Phishing normally targets lots of individuals for relatively small amounts of information or money, but this is a very carefully crafted campaign that requires an extremely high degree of caution on the part of the recipient.”
A significant number of individuals choose to use the holiday period to file their tax returns with HM Revenue and Customs, with data showing that over 22,000 forms were submitted for the 2021 to 2022 tax year over the Christmas period (from Christmas Eve to Boxing Day).
Combined with general consumer concerns around the cost of living, the timing of the scam is almost certainly designed to coincide with an annual surge in GOV.UK users, with cybercriminals using email and text message campaigns that create a sense of urgency, curiosity, and fear in victims.
Although the UK Government has rightly warned consumers about the rise in scams, Kaspersky urges that stricter guidelines be established between legitimate organisations and the channels they are using to communicate with their audiences, in order to combat the spread of malicious campaigns like NotGOV.
If organisations eliminate hyperlinks as a call to action in their marketing materials and move towards clear instructions that empower individuals to find the information they need independently, scammers will immediately lose the ability to spoof content that can entrap recipients.
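The advice above (official messages should not ask recipients to click, and recipients should navigate to GOV.UK themselves) can also be turned into a simple mail or SMS triage check on the defender's side. The following is an added example, not code from Kaspersky or from the GOV.UK team: it extracts the links in a message and flags any that present themselves as GOV.UK or HMRC (in the visible link text or in the hostname) while pointing at a host that is not under gov.uk. The sample messages and the `.example` hostnames in them are constructed for illustration; the assumption that every legitimate service lives under a `gov.uk` hostname is this example's own simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# ASSUMPTION for this example: a link is treated as official only when its
# hostname is gov.uk itself or a subdomain of it (e.g. www.tax.service.gov.uk).
OFFICIAL_SUFFIX = "gov.uk"

# Visible text or hostnames that mimic the GOV.UK / HMRC brand, allowing for
# separators such as "gov-uk" or "gov_uk" used by lookalike domains.
BRAND_PATTERN = re.compile(r"gov[\s.\-_]*uk|hmrc", re.IGNORECASE)


def is_official_host(host):
    """True only for gov.uk or a hostname ending in .gov.uk."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)


def looks_like_gov(text):
    """True when the text or hostname carries GOV.UK / HMRC branding."""
    return BRAND_PATTERN.search(text or "") is not None


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(body):
    """Return (href, visible_text) pairs. HTML anchors are preferred; for plain
    text (an SMS, for instance) bare URLs are returned with empty visible text."""
    parser = _LinkCollector()
    parser.feed(body)
    if parser.links:
        return parser.links
    return [(url, "") for url in re.findall(r"https?://\S+", body)]


def flag_links(body):
    """Return (href, reason) for every link that is GOV.UK/HMRC-branded in its
    text or hostname but resolves to a host outside gov.uk."""
    findings = []
    for href, text in extract_links(body):
        host = urlparse(href).hostname or ""
        if is_official_host(host):
            continue
        if looks_like_gov(text) or looks_like_gov(host):
            findings.append((href, "GOV.UK-branded link points at %s" % host))
    return findings


# Constructed sample messages (not real campaign artefacts).
PHISH_EMAIL = (
    '<p>Your cost of living payment is waiting. '
    '<a href="https://gov-uk-payments.example/claim">Claim on GOV.UK</a></p>'
)
LEGIT_EMAIL = (
    '<p>Sign in at <a href="https://www.tax.service.gov.uk/">'
    'www.tax.service.gov.uk</a></p>'
)
PHISH_SMS = "HMRC: you have a tax refund. Visit https://hmrc-refund.example/now"

if __name__ == "__main__":
    for label, msg in (("email", PHISH_EMAIL), ("email", LEGIT_EMAIL), ("sms", PHISH_SMS)):
        print(label, flag_links(msg) or "no suspicious links")
```

The check deliberately refuses to trust visible link text: the only thing that decides whether a link is official is the hostname the browser would actually contact, which is the same rule a recipient applies when they ignore the message and type the address themselves.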
Emm concluded, “NotGOV shows that criminals are learning from their mistakes and are now capable of creating highly accurate imitations of legitimate email communications to defraud people of their personal information.
“To remain safe, we must move beyond simply relying on spotting mistakes in text or images. Instead, there needs to be a root and branch review of the regulations around official communication methods and channels, but also a total reshaping of people’s behaviour. Simply put, if you receive any sort of message encouraging you to click, don’t.
“Manually search for the information and navigate your own way around a website. It may take longer, but it will keep you safe.”