ADVERTISEMENT

“We hit the UK hard:” 9 million targeted in Boots gift scam hosted on hacked government website

Nearly 9 million people were targeted in a phishing campaign impersonating UK retail giant Boots, offering free gifts and customer rewards to steal personal and financial information from unsuspecting consumers.

Boots

Image by Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Jun 16, 2026 3 min read
Key takeaways:
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.
phishing site
Romanian criminals used Bolivian government domain to host fake Boots website in a scam that targeted 9 million people.

Lure of the free gift

securecheckoutboots
This fake Boots payment page is designed to harvest credit and debit card details. Image by Huntress
ADVERTISEMENT

HMRC and Solana campaigns

“We hit the UK hard”

The South American connection

"The actor had broken into this government site and planted their phishing kit in a /boots_store/ subdirectory. This is a deliberate, and depressingly effective, choice."
Huntress security operations analyst Josh Kiriakoff.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

ADVERTISEMENT