Cyber Defense Advisors

Winter Fuel Payment scam targets UK citizens via SMS

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. 

In July, the UK’s new Labour Government announced that it was limiting who was eligible for assistance with their winter fuel bills by making eligibility means-tested. 

The controversial decision appears to have inspired fraudsters to launch a campaign designed to steal sensitive information from low-income senior citizens and leave them even more out of pocket. 

Many people have reported receiving scam text messages claiming to relate to the Winter Heating Allowance and Cost of Living Support, and calling on recipients to take prompt action to avoid missing out. 

Reporters at Bleeping Computer observed that clicking on the link from a mobile device takes potential victims to a phishing site that poses as an official Gov.uk webpage, asking for personal information and payment details. 

The bogus webpage promises that £900 will be paid automatically into the victim’s account when their application is submitted. 

Clearly entering any personal details – including banking and payment card information – is not advisable. 

The truth is that the UK Government’s warm home discount is applied automatically. Eligible individuals will receive a letter from the government telling them they are in line for a payout, and no action is required by the recipient. 

The UK Government would not be asking those hoping for a winter heating or cost of living allowance to enter their payment card details. 

Cybersecurity researcher Jake posted on Twitter in late October that he had seen 900 different domains linked to by the scam campaign, using the TinyURL shortener. 

Other examples seen have used other URL shorteners, such as bit.ly, and the scammers behind the campaign have used a variety of different messages to socially engineer unsuspecting users into visiting a phishing site. 

The Regional Organised Crime Unit (ROCU has issued a warning about the scam, and advised recipients to report scam websites to the National Cyber Security Centre (NCSC), and forward scam text messages to 7726. 

Full details of the UK Winter Fuel Payment scheme can be found on the (genuine) Gov.uk website

Two years ago, the NCSC warned that fraudsters were sending out emails and SMS texts urging UK homeowners to sign up for a discount on their energy bills. 

Earlier in 2022, Tripwire reported on a similar scam campaign spread via SMS message, which claimed to come from the NHS and warned that recipients had come into contact with someone suffering from the Omicron variant of COVID-19.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.