Fraudsters impersonate Dorset Council with invoicing scam

Both businesses and consumers across the UK have received a scam email claiming to be from Dorset Council, asking for payment of an invoice.

According to Dorset Council, several thousand of these scam emails were sent on Friday 24 June.

Find out how to spot, avoid and report this scam. 

Sign up for free Which? scam alerts to find out about the latest scams news and advice.

Dorset Council email scam

The phishing email claims to be sent by Dorset Council's Accounts Receivable team. 

Confusingly, the legitimate Dorset Council email addresses that have been spoofed by scammers - helpdesk@dorsetcouncil and arhelpdesk@dorsetcouncil.gov.uk - making the email appear genuine. 

The email states:

'Please find attached details of an invoice that is now payable

'If you have any queries regarding this invoice please do not hesitate to telephone or email using the contact details on the attachment.

'Regards, Accounts Receivable Team,’

The instruction from the scammer is clear - they want you to open the dodgy attachment.

Understanding and reporting email scams

Dorset Council has issued a warning about the scam, advising that recipients don't open the email, links or attachments, and delete the email immediately.

Email spoofing, where a scammer impersonates a genuine person or organisation, is a common tactic used by scammers to convince you to part with your cash, personal details or click on dodgy links that download malware to your device. 

If you receive a suspicious or unexpected email, especially one that asks for payment or personal details, contact the organisation directly using official details from its website to verify the authenticity of the email.

Don't be tempted to respond to emails like these. You can report scam emails by forwarding them to report@phishing.gov.uk, then delete the email.

How to spot a scam email

Here are some top tips on how to spot a scam email:

1. Check the 'from' address - scammers can spoof the sender ID to make it look genuine, find out if there's a fraudster behind the email by right-clicking on the sender name to see the email address behind it.
2. Check the greeting and look for odd wording - scam emails are often impersonal and don't include your name, also look out for odd wording in the email.
3. Check the contact information and dates - is it accurate and recent. While scammers sometimes get this information right, often scam emails contain errors in the contact details or it's missing entirely.
4. Check the branding - scammers are getting better at their graphic design, but any logo that looks odd is a good indication of a scam. 
5. Check the link - avoid the temptation to click the link, but you can check its authenticity by comparing it to the web address of the genuine organisation.