Fraudulent Universal Credit Account Takeover Impersonating DWP
Criminals use DWP-branded phishing to harvest Government Gateway credentials and then either take over existing Universal Credit accounts to change bank details, or create fraudulent new claims in the victim's name using stolen identity data.
Part of: New Account Takeover
Last reviewed: 8 June 2026
Universal Credit and other DWP benefits are administered through the gov.uk platform using Government Gateway or Universal Credit journal credentials. The combination of financial value and identity information stored in these accounts makes them prime targets for account-takeover fraud.
Phishing campaigns branded as DWP messages send victims to lookalike Government Gateway portals. Captured credentials are used to log into the real account, change direct-deposit banking details, and harvest the personal information stored in the profile for further identity fraud.
A secondary variant does not require existing credentials: attackers use identity data harvested from data breaches to submit fraudulent new Universal Credit claims, receiving payments for months before the fraud is detected. The DWP strongly encourages people to create and monitor their own benefits accounts and to respond promptly to any notification of account activity they did not initiate.
How this scam works on the DWP brand
A DWP-branded SMS or email arrives claiming there is a problem with the recipient's claim, an unclaimed payment, or a security alert requiring action. The link leads to a fake Government Gateway login page. Once credentials are entered, the attacker changes the linked bank account and the email address on the profile, locking the victim out.
In the new-claim variant, the attacker submits an online Universal Credit application using the victim's NI number, date of birth, and address. They create a new Government Gateway account using a disposable email address. The claim is approved and payments begin going to the attacker's nominated account. The victim only discovers the fraud when they later apply for benefits themselves, or when DWP correspondence arrives at their address.
Some attackers also sell verified Government Gateway access on underground forums, where buyers extract stored benefit history, tax records, and NI contribution data for subsequent identity fraud.
Common red flags
- DWP message provides a link to a login page that is not gov.uk
- You receive Government Gateway login notifications or account-change emails you did not initiate
- Your Universal Credit account shows a bank change or address update you did not make
- You attempt to apply for Universal Credit and are told a claim already exists under your NI number
- DWP correspondence arrives at your address about a claim or account you did not open
- Message claims an unclaimed payment is waiting but requires login via an external link to collect
- Urgency framing: you must respond within 24 hours or lose your claim
How to protect yourself
- Access your Universal Credit account only by typing gov.uk into your browser and navigating from there
- Enable two-step verification on your Government Gateway account
- Monitor your online journal regularly for messages and changes you did not make
- If you receive an unexpected DWP account-change notification, call the Universal Credit helpline on 0800 328 5644 immediately
- Report any fraudulent claim opened in your name to the DWP fraud hotline at 0800 854 440
- Place a credit freeze if you believe your full identity details were harvested
- Contact HMRC if Government Gateway access was compromised as it links to multiple services
How to report it
- Report benefit fraud to the DWP fraud hotline at 0800 854 440
- Report to Action Fraud at actionfraud.police.uk or 0300 123 2040
- Forward any phishing messages to [email protected] (NCSC)
- Forward smishing texts to 7726
- Contact HMRC identity theft helpline at 0300 200 3300 if Government Gateway credentials were entered
Frequently asked questions
Can someone claim Universal Credit in my name without my knowledge?
Yes, if they have your National Insurance number, date of birth, and address — details available from data breaches. They create a new Government Gateway account and submit a claim. You would typically only discover this when DWP correspondence arrives at your address or when you try to claim benefits yourself.
How does the DWP communicate genuine account issues?
DWP communicates through your online journal, by post, and via scheduled phone calls. It does not send unsolicited SMS or email links to login pages, and it does not threaten immediate loss of benefits for failing to click a link within 24 hours.
I clicked a DWP phishing link and entered my Government Gateway credentials. What should I do?
Go to gov.uk/government-gateway and reset your password immediately. Check all services linked to your Government Gateway — Universal Credit, self-assessment, child benefit — for any changes. Call the DWP fraud hotline and HMRC identity theft helpline to flag the compromise.