Scam Watch !

Each month we'll highlight some current scams to look-out for:

1. NHS - Action Required GP Register (May 2025)

- There is an email and text asking you to Update Your GP Details

- This uses the correct NHS colours and font styles and looks very convincing !

2. 'Have I Been Pawned's typo-squatting (May 2025)

- With the recent high-profile Retail cyber attacks on M&S, Co-Op and Harrods, many people are using the legitmate ' haveibeenpwned.com ' web site to check if their details have been leaked.

- The spelling of the domain name - note it's spelt 'pwned' but pronounced 'pawned' is being used by hackers

- Unknowingly going to 'haveibeenpawned.com' would be a site impersonating Microsoft; asking you to take a Microsoft Edge Security Check

- It's always best to carefully type your most frequently visited Sites and then Bookmark them. This avoids frequent typo-squatting like mis-spelling 'microosoft', 'goggle', faceboook' and 'bitwariden'

3. DVLA Payment Unsuccessful (March 2025)

- There is an email doing the rounds which states 'your latest vehicle tax payment to the Driver and Vehicle Licensing Agency (DVLA) was unsuccessful'

- There is a threat of a £1000 Fine which encourages recipients to respond to what is a convincing phishing attempt to collect your personal details

- If you're interested in seeing how convincing this is, the link in the email is:

https://media.product.which.co.uk/prod/images/article_image_780px/f92fa4420e23-screenshot-2025-03-19-at-181940.webp

4. WhatsApp Scams (March 2025)

- The average individual loss of being scammed on WhatsApp is £2437* compared to £478 on Facebook (*Revolut Survey 2025)

- Most of these scams involve you being added to a random WhatsApp 'group'; and then messaged about fake job offers (51% of Cases) or investment opportunities (38%)

- The fact that WhatsApp messaging is encrypted 'end-to-end' means the scammers are very hard to identify and track-down

- It's worth changing your WhatsApp Privacy Setting for Groups from to 'Everyone' to 'My Contacts'

5. Winter Fuel Payment (March 2025)

- The Subsidy Payment Centre (whoever they are!) are sending Text Messages, often to a Group of unconnected people, stating that you haven't applied for your £300 subsidy

- The Link in the message begins with grco.de - the suffix .de is German which should be a giveaway that there's something amiss

- Be Aware...this is a classic example of Phishing for personal information by clicking on a Link in a Text or Email

6. GMail Users Targeted (March 2025)

- This involves using AI to conduct a co-ordinated approach to GMail Users via Phone and Email

- The attack starts with a phone call - claiming to be from Google - informing you that your Google Account has been hacked. At the same time, an Email arrives to confirm your Account has been compromised

- The hackers then ask for your Google Account Recovery Code; this is the Code sent to your Mobile or Recovery Email Address to enable Account access. Some people receive a further recorded message urging people to share the Code with Google Support

- With this Code, ALL your Google Account information e.g. personal & payment details (except Card CVV) can be stolen

- To stay safe, NEVER share this Recovery Code with anyone...simples !

7. £3 Great Western Railway ' UK Annual Pass' (Feb. 2025)

- If you travel on GWR trains be aware of a Facebook advertisement promising a 'UK Annual Pass' that would give me unlimited travel for just £3.

- Clicking the link takes you to a fake but similar to the Official GWR web page that asks for your Personal Details.

- GWR have confirmed it's a well-known scam that's been around for about a year.

Remember: 'If it seems too good to be true, it usually is !'

8. Fake QR Codes in eMails & Car Parks (Feb. 2025)

- Scammers are increasingly using fake QR codes to trick you.

- This kind of scam asks you to scan a QR Code - usually with your mobile phone camera - to perform urgent tasks, such as confirming a payment or verifying your account details.

- Doing so takes you to a fake website where the scammers will ask for your Personal Details.

- This form of scamming is also used at Car Parks; where scammers place their fake QR Codes over the legitimate ones already on the Payment Machines.

- The basic rule for avoiding fake QR codes is always the same as for any scam: be extremely suspicious about any unexpected email(s) that ask you to urgently perform an action.

- After scanning a QR Code, check the URL (web site address) that appears on your screen looks genuine. The web site address scanners built into Android and iOS mobile phones do a fair job at blocking suspicious Codes.

9. Register To Vote Emails (Jan. 2025)

- In late January, scam emails supposedly from the Electoral Registration Officer claimed that you needed to prove your identity to remain eligible to Vote.

- It asked for documents such as your Passport; and came from the email address: electoral@register-to-vote.electoral.agency

- Remember our anti-scam mantra....it's ok to just:

'Delete First; Ask Questions Later'

10. 'Upgrade Your Landline' BT Scammers (Jan. 2025)

- Scammers posing as BT staff are phoning customers to ask them to confirm their Personal and Payment information; so they can upgrade their Landline to digital.

- To persuade you they're genuine, they'll know your name and address. If you refuse, they'll threaten to disconnect your Landline, which they claim will also cut your internet connection.

- According to Which?, the fraudsters add a sense of urgency by claiming the deadline is fast approaching. In May last year, BT pushed this back to the end of January 2027.

- Scammers will probably try repeating this scam throughout this year, changing the deadlines to keep adding urgency.

See our more detailed article on 'Avoid Being Scammed'

HTS are happy to answer any Questions or to help you.

Page updated

Google Sites

Report abuse