Aviva logo A warning message from Aviva
Be Scam Aware

From time-to-time Aviva issue circulars to all staff about current ongoing scam activity that either affect or may affect Aviva and its employees / policyholders. I’ve summarised each of the current “threats” below
 

WhatsApp scams impersonating Aviva

A WhatsApp scam has been circulating in Turkey which includes a fake Aviva corporate video. Whilst we are not aware that this has yet hit the UK, we do know that use of technology in this way will only become more sophisticated and convincing.
 

Phishing campaign mimicking NHS messages

A new phishing campaign has been reported whereby emails from spoofed NHS addresses such as NHS.net and NoReplyNHS are being sent containing malicious links.
 
Watch out for subject lines such as –
  • Patient, NHS confirmation required this week
  • Don’t lose NHS benefits — sign form by 04/05
  • Important: NHS compliance needed by May 4th
  • May 4th deadline — NHS digital signature pending
  • Your NHS record is incomplete — fix by May 4th
     

Aviva Brand impersonation Phishing Scams

Reports have been coming in of two new phishing scams:
  1. Home Safety Consultation – which looks to have come from the Aviva UK Customer Safety Team, and asks the recipient to “Confirm delivery details” by clicking on a link to “Confirm Your Safety Consultation Preferences”
     
  2. Free Fire Safety Box – which looks to have come from the Aviva Team and offers the recipient a Free Fire safety Box including 1x Fire Blanket, 1x Smoke Detector, 1x Fire Extinguisher, 1x Escape Plan Guide, 1x First Aid Box, so very similar to the free medical kits (Medicare) scam that started last October.
     

Spoof Aviva direct debit smish

Members of the public and customers are receiving SMS texts that pretend to be from Aviva and claim that a direct debit has been set up with Aviva. The SMS text could read something like –
  • Direct debit to Aviva for 195.00GBP has been setup on 24/01/25.
    Visit your local branch
    Alternatively contact us on 0330 133 3264 for further questions

If people have called the fraudulent telephone number and parted with personal information, then please ask them to report the scam to Aviva using the online Fraud Hub reporting form – Protect Yourself From Fraud – Aviva

If they haven’t, then they don’t need to report it to Aviva. Instead, please ask them to report the malicious text to 7726 (free NCSC service in the UK) and then delete it.
 

A new DocuSign phishing campaign targeting Aviva

There are also new spoof DocuSign phishing emails which are doing the rounds and targeting Aviva employees.

This campaign includes emails which lack content, including only a .pdf attachment and are personalised with either your name in the attachment and Aviva or Aviva Investors mentioned in the subject line.

If you open the pdf you are greeted with DocuSign and Aviva branding and a QR code which directs you to a malicious Microsoft-lookalike sign-in page hosted on a DocuSign link.

Things to look out for – The main signs of phishing here are:

  • The lack of context and empty email body which is suspicious
     
  • The sender’s domain is “boobie-brands.com” which doesn’t seem to have anything to do with DocuSign.
     

Fake PayPal requests with malicious links and scam phone numbers

Several phishing campaigns targeting Aviva recently have been leveraging PayPal to trick recipients into thinking the emails are legitimate. These scam emails purport to have been sent from service@paypal.com, a legit PayPal address, but in reality, the true senders are 3rd parties that are “piggy-backing” on the PayPal domain and hiding behind it, to give the email a false sense of legitimacy. The links in the emails seem to lead to the legit PayPal website, but again, this is a trick used by threat actors to appear legit – in reality, the payment request is completely fictitious. In reality, it’s a trick whereby, if the recipient enters their details in the login page, the threat actors are able to link it to their distribution list and allows them to access the victim's account.
 
 

Clive Wickenden
Operations Manager
Staff Pensions – Trustee Executive Team
 
June 2025