New Phishing Attack Impersonates DWP to Steal Credit Card Information from Users

A sophisticated phishing campaign targeting UK residents has been active since late May 2025, with a significant surge in activity during the second half of June.

This malicious operation impersonates the Department for Work and Pensions (DWP), a key UK government body responsible for welfare and pension services, by sending fraudulent SMS messages to unsuspecting individuals.

The attackers exploit the trust associated with official government communications, tricking users into revealing sensitive personal and financial information, including credit card details.

SMS Campaign Targets Vulnerable UK Residents

The phishing campaign leverages SMS as its primary attack vector, a method known as “smishing” (SMS phishing).

These messages typically contain urgent warnings about missing applications for the Winter Heating Allowance, a legitimate government benefit designed to assist eligible citizens with heating costs during colder months.

The attackers craft their texts to instill a sense of urgency, prompting recipients to act ...