Scam warning: fake government Emergency Alerts emails circulate
Which? is warning about fake 'government' emails related to the Emergency Alerts test that took place on 7 September.
The worryingly convincing emails appear to come from ‘Government Digital Services’ and recipients may be easily tricked into clicking a malicious link to complete a survey about the recent test.
It’s a common tactic for scammers to hijack a big news event, so it’s no surprise that we’re seeing scams off the back of the recent Emergency Alerts test.
These emails are not genuine and recipients shouldn’t click on any links.
Here we explain what these emails look like, what you should do if you’ve clicked a malicious link and how to spot and report scam emails.
Sign up for scam alerts
Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.
Sign up for scam alerts
Emergency Alerts email scam
One email titled ‘Emergency Alerts - Confirmation’ contains many hallmarks of an email that could be trusted. It has gov.uk branding, the style of the email feels pretty genuine, and it even contains links to genuine government advice pages about the Emergency Alerts test.
On closer inspection of the email, recipients will quickly find that it isn’t from ‘Government Digital Services’, as it suggests. Instead, the sender's email has been masked, or 'spoofed’, to disguise the random email address that the sender is using. Spoofing the email address to make it appear as though the email is from a trusted source is a common tactic and one that's not always easy to spot.
Most worrying, though, is that the email asks whether you received the Emergency Alert test on 7 September, prompting you to click on either ‘yes’ or ‘no’. Which? wasn't able to inspect the links, but reports suggest they contain malware. This is a type of software that can be installed on your device after you click on it and allows a scammer to steal personal information or take over accounts.
We've seen several different email senders, none of which are genuine .gov.uk email accounts. The government has also confirmed to Which? that it is not sending emails asking for feedback.
The government team told Which?: 'We reported this scam to the National Cyber Security Centre as soon as we became aware of it. As always, people should forward suspicious emails to report@phishing.gov.uk, and not click on suspicious links.'
What to do if you’ve clicked a malicious link
If you believe you've clicked a malicious link, you should be careful not to log in to any accounts.
You should disconnect your device from the internet or data services (on a phone you can put it into airplane mode) and run an antivirus to scan for any threats. If you can’t run an antivirus, you should perform a factory reset of your device – this will erase all data, including the malware. You may want to back up any important files before you do this.
Consider changing your passwords on any compromised accounts and make sure you use strong passwords and two-factor authentication where possible.
Which? Tech members can contact the Which? Tech Helpdesk for 1-2-1 support.
- Read more: How to get rid of a computer virus.
How to spot and report scam emails
Always be suspicious of an unexpected email, especially if you’re being asked to click on a link, make a payment or log in to an account.
Pay attention to the sender's details by hovering over the email address on a computer or inspecting the email address with a long press on a mobile device. This will reveal the sender’s true email address.
Forward scam emails to report@phishing.gov.uk, as this is the quickest way to get them taken out of circulation. Also, flag it as ‘spam’ in your inbox to tell your email provider to direct dodgy emails like these straight to your spam folder.
If you're concerned that an email could be genuine, don't click on any links or follow any instructions from the email. Instead, you should verify the email with the organisation it claims to be from by contacting them directly using details found on its website.
If you lose any money to a scam, call your bank immediately using the number on the back of your bank card. Report scams to Action Fraud, or call the police on 101 if you’re in Scotland.
