TEXT SCAMS

DWP energy support allowance text scam 2026: is the £200 real, or is it phishing?

A text from the "DWP" saying you have not claimed a £200 to £300 energy support allowance is one of the busiest government-imposter smishing waves hitting UK phones this year.

SB

SafeBrowz Threat Research Security Research18 June 20268 min read

What the DWP energy support text scam is, and why it is spreading now

The message reads like good news. It claims to come from the DWP or "Gov.UK Energy Support", says your household qualifies for an energy or cost of living allowance of £200, £250, or £300 that you have not yet claimed, and warns that the window to claim is closing. Then it gives you a link to "verify your details and receive your payment". The link is the entire attack. Tap it and you reach a page styled like a government portal that asks for your name, address, date of birth, National Insurance number, and crucially your bank or card details so the "refund" can be paid in.

The Department for Work and Pensions has stated plainly that it does not contact people this way. The DWP and the official GOV.UK scam guidance repeat the same rule: the department will never text or email you an unsolicited link to claim money, and any message that does is fraudulent. GB News has covered the 2026 wave in its money section, reporting DWP warnings over fake energy support and cost of living messages circulating to UK mobiles. Action Fraud, the UK's national fraud reporting centre, lists DWP and cost of living impersonation among the message types it most frequently receives reports about.

The reason it works is timing and trust. Real cost of living and energy support payments did exist in recent years and were paid automatically to eligible households, with no application and no link. That is exactly the memory the scammers exploit. They borrow a genuine-sounding scheme name, attach the most trusted brand in the country, and bank on the fact that "free money from the government, but only if you act now" overrides caution. This variant pairs with the parallel Winter Fuel Payment text scam, which uses the identical mechanic with a seasonal name.

What the scam text actually says

The wording rotates, but the skeleton is stable. A typical message reads something like this:

• "GOV.UK: You are eligible for a £200 Energy Support payment but have not yet claimed. Confirm your details before the deadline to receive it: [link]"
• "DWP Notice: Our records show an unclaimed Cost of Living allowance of £300 on your account. Verify now to release your payment: [link]"
• "Energy Support Scheme: Your household qualifies for a winter energy rebate. Claim within 48 hours or it will be reallocated: [link]"

Whatever the figure and whatever the scheme name, the destination is the same: a phishing page that harvests your personal details and bank or card information. There is no real allowance being paid. The "claim" form is the theft. Some versions go further and follow up with a fake bank or "DWP fraud team" phone call once you have entered your number, using the details you gave to sound convincing and to talk you into moving money.

What the scam links look like (illustrative)

The link is engineered to look almost-official on a small phone screen. It crams in "dwp", "gov", "energy", or "support", then lands on a free web-hosting platform or a cheap domain that no government service would ever use. The examples below are illustrative examples, the real benefits service only lives on gov.uk. Tap any of them to run it through the live checker:

• dwp-energysupport.vercel.app
• gov-energy-allowance.pages.dev
• dwp-cost-living-claim.netlify.app

The trick is that the words "dwp", "gov", or "energy" appear somewhere in the string, but not as the actual registered domain. A real government service lives under gov.uk, and nothing else. A link ending in .vercel.app, .pages.dev, .netlify.app, .com, or any other host is a different website that merely contains the words, no matter how official it reads. Those free-hosting platforms let anyone publish a page in minutes, which is precisely why scammers use them.

The one rule that settles it every time

You do not need to know whether any energy scheme exists right now. There is a single structural rule that answers every benefit and allowance text in one step: the DWP never texts you a link to "claim" a benefit. Real benefits, allowances, and cost of living support are either paid automatically to eligible people or applied for only on gov.uk, which you reach by typing the address into your browser yourself. So any benefit or allowance text that contains a link to claim, verify, confirm, or release a payment is a scam, full stop. The brand can be DWP, HMRC, the NHS, your council, or "Gov.UK" itself. The rule does not change.

Red flags that give it away

If you want the supporting tells, here are the structural ones.

• It arrived as a text with a link. The DWP does not send unsolicited links to claim money. This single fact is conclusive on its own.
• There is a deadline. "Within 48 hours", "before the window closes", "or it will be reallocated". Genuine support is not a race against a countdown in a text. Urgency is the lever scammers pull.
• The link is not gov.uk. Every real UK government service sits under gov.uk. Any .vercel.app, .pages.dev, .netlify.app, .com, .co, or .info address claiming to be the DWP is fake, even with the words "dwp", "gov", or "energy" in it.
• It asks for your bank or card details to "pay you". A real refund does not need your card number, your sort code and account number entered into a web form, or your PIN. The government already knows how to pay eligible people.
• It wants your National Insurance number, date of birth, and address up front. This is identity-theft harvesting dressed up as eligibility verification.
• The sender is odd. A random mobile number, an unfamiliar shortcode, or a generic webmail address. A real government service does not text a benefit claim from a personal number.
• You did not apply for anything. Being told you have an "unclaimed" allowance you never heard of is the hook, not proof. Attackers blast millions of numbers regardless of who actually qualifies.

How this differs from the HMRC and DVLA versions

If this feels familiar, it is the same crews wearing a different badge. The HMRC tax refund text scam promises a tax rebate; the DVLA vehicle tax scam threatens a failed payment or fine. The DWP energy version uses the friendlier of the two emotions: not a threat, but a gift. The promise of free money lowers your guard in a way a threat sometimes does not, which is part of why it converts. The brand and the story change. The harvest at the end of the link does not. Every one of them ends on a non-gov.uk page asking for your details, and every one of them is defeated by the same rule: you only ever start a government claim by typing gov.uk yourself.

What SafeBrowz sees on the network

When the SafeBrowz engine examines a DWP lookalike page, the attack structure is consistent enough to read across all three detection layers. A few patterns stand out.

First, the domains are young or free-hosted. The destination behind a DWP energy text is almost always a domain registered in the last few weeks, or a subdomain spun up on a free platform like vercel.app, pages.dev, or netlify.app. No genuine government service is days old or hosted on a developer preview platform. Domain-age and free-host signals flag a large share of these before any content loads.

Second, the structure is a keyword sandwich on a non-official host. The string carries "dwp", "gov", "energy", or "support" plus a transactional word like "claim", "support", or "allowance", then resolves anywhere except gov.uk. A UK government brand living on any other registrable domain is itself the signal.

Third, the page content gives itself away. A UK government crest, a "Confirm your details to claim your payment" headline, a bank-detail form, and a countdown, all served from a non-gov.uk host, is a textbook brand-impersonation profile. Content-level analysis catches the impersonation even when the domain is brand new and absent from every blocklist.

How SafeBrowz blocks this threat

SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.

• Layer 1 - Local detection: 60+ URL patterns + 550+ brand-specific signatures (including Cyrillic and Punycode homograph variants) + community whitelist/blacklist, all running directly in the extension before the page renders. It catches government-impersonation keyword patterns on non-gov.uk hosts, free-host abuse, and "claim-payment" redirect families instantly.
• Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus, ScamAdviser, plus domain-age lookup (most of these destinations are less than 30 days old) and 30+ scam TLDs.
• Layer 3 - AI deep scan: content-aware brand-impersonation analysis in 100+ languages catches a brand-new lookalike that no blocklist has seen yet, including pages hosted on developer free-tier platforms.

Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.

For people who do not want to install anything, the same engine powers the free public URL checker. Paste any link from a suspicious DWP text and get a verdict in seconds. If you are not sure how to read a URL at all, our guide on how to tell if a website is a scam walks through it step by step.

What to do right now

If a DWP energy text just landed, here is the whole correct response.

1. Do not tap the link. The link is the entire attack surface. Curiosity is how people get caught.
2. Verify directly, not through the text. If you genuinely want to know whether you qualify for any support, open a new browser tab and type gov.uk yourself, then search for the benefit there. Never use a link sent to you.
3. Forward the text to 7726. That is the free shortcode UK mobile networks use to flag scam texts. It spells "SPAM" on the keypad.
4. Report it. Forward suspicious texts to [email protected] and report the scam to Action Fraud at actionfraud.police.uk or on 0300 123 2040. In Scotland, report to Police Scotland on 101.
5. Then delete the message.

If you already tapped the link but entered nothing, you are most likely fine: close the tab and clear cookies for that site. If you entered card or bank details, call your bank using the number on the back of your card, freeze or lock the card in your banking app right away, and watch your statements. If you handed over your National Insurance number, date of birth, and full personal details, treat it as an identity-theft risk: alert your bank, consider a credit freeze with the UK credit reference agencies, and stay alert for follow-up "your account is at risk" calls, which are part of the same con.

Frequently asked questions

Is the DWP energy support allowance text real or a scam?

It is a scam. The Department for Work and Pensions does not text people an unsolicited link to claim a £200 to £300 energy or cost of living allowance, and there is no "Energy Support Scheme" that contacts you by SMS to claim money. GOV.UK guidance and GB News reporting both confirm the DWP does not message you this way. Any benefit or allowance text with a link is phishing.

Does the DWP ever text me a link to claim a benefit?

No. This is the rule that settles every version of this scam. The DWP does not send links to claim, verify, or release a payment. Real benefits and support are paid automatically to eligible people or applied for only on gov.uk, which you reach by typing the address into your browser yourself. A link in a benefit text is always a scam.

What does a real DWP or government claim website look like?

Every genuine UK government service sits under gov.uk, for example gov.uk itself or a service path under it. Any address ending in .vercel.app, .pages.dev, .netlify.app, .com, .co, or .info that claims to be the DWP is fake, even if the words dwp, gov, or energy appear in the link.

I clicked the link and entered my bank details. What now?

Act fast. Call your bank using the number on the back of your card and tell them you may have been phished, freeze or lock the card in your banking app, and watch for unexpected transactions. If you also gave your National Insurance number and personal details, treat it as identity theft: alert your bank, consider a credit freeze, and ignore any follow-up call claiming to be from your bank or a DWP fraud team, as that is part of the same scam.

Why did I get this text if I never applied for any energy support?

Attackers do not target by eligibility. They blast millions of texts to phone numbers bought from data brokers. Most recipients qualify for nothing at all. Being told you have an "unclaimed" allowance is the bait, not evidence you are owed anything.

How do I report a DWP scam text in the UK?

Forward the text to 7726 to flag it with your mobile network. Forward suspicious messages to [email protected], and report the scam to Action Fraud at actionfraud.police.uk or on 0300 123 2040. In Scotland, report to Police Scotland on 101. Then delete the text.

Install SafeBrowz free

Add the browser extension that runs every check in this article automatically, on every page, before it renders. Free forever.

Add to Chrome Add to Firefox Add to Edge