Company Registry Scam Letter: How Can You Prevent Scams?

19 June, 2024 · 8 min read

Updated: 8 May, 2025

Author

Team ANNA

Avoid falling for fake company registry letters. Learn how to spot a company registry scam and protect your business with these essential prevention tips.

Open a business account with ANNA and get your taxes sorted

With ANNA you get a debit card, automated bookkeeping, a personal payment link, up to 40% cashback and 24/7 customer support

I agree to ANNA’s privacy policy

Why are new companies vulnerable?
5 Common scams targeting new UK businesses you must know about
How can you protect your company from scams?
What to do if you've been targeted?
Let’s recap
Stay safe with ANNA
Keep learning:

The UK experienced a significant surge in new business formations in recent years.

However, newly established companies are increasingly targeted by sophisticated scams, especially company registry scam letters.

According to the UK's Cyber Security Breaches Survey 2025, approximately 3% of all businesses have been victims of fraud resulting from cyber breaches or attacks, which equates to around 40,000 companies.

Read on to find out why new companies are vulnerable, the prevalent scams in 2025, and measures to safeguard against these fraudulent activities.

Let’s dive in!

Why are new companies vulnerable?

New companies are particularly vulnerable due to a combination of factors:

1. Public availability of company information

Upon registration, company details, including the names of directors and their registered addresses, become publicly available on Companies House.

Scammers exploit this information to craft convincing, targeted attacks.

2. Inexperience with regulatory procedures

New business owners are often unfamiliar with legitimate regulatory communications and procedures.

Without a history of dealing with official bodies, it's easier to mistake fraudulent documents for the real thing.

3. Operational pressures

During the early days, founders juggle multiple responsibilities. In the chaos, vetting emails or double-checking payment requests can fall through the cracks.

4. Emotional pressure

Excitement, stress, and urgency are a natural part of launching a company. Scammers exploit these emotions to pressure quick decisions without due diligence.

5 Common scams targeting new UK businesses you must know about

1. Company registry scam letters

Just imagine the scenario.

You’ve paid £50 to register your company with Companies House, and a few days later, an official-looking letter arrives at your registered address telling you that you have to pay extra to ‘confirm’ or ‘activate’ your company.

In some cases, the letter may actually say that it comes from Companies House itself.

This letter appears to be an official document, but it actually requests that you urgently send money to the scammers.

What’s our experience?

A number of ANNA customers contacted our customer support team to report that they’ve received letters from the Company Registry.

The letters:

Come with a reference number and say that the customer’s company status is pending and unclaimed, and that action needs to be taken by paying £47 to activate their account.
Strongly suggest that unless the customer pays the fee quickly, their company will remain ‘pending’ and not be fully activated.

The Company Registry has nothing to do with Companies House, and you can safely ignore the letters, as they are merely an attempt to convince people to sign up for their data storage systems.

To find out more about it and other similar scams, hop to the Companies House website.

2. Fake Companies House scam letters

More worryingly, we’ve also seen fake letters claiming to be from Companies House, telling customers that they need to pay an additional £48 fee for ‘enhanced web filing access’.

The letter has a Companies House logo and looks genuine, but includes a payment URL and QR code that goes straight to the scammer’s bank accounts.

A scam letter claiming to be sent from HMRC

At first glance, the letter looks convincing, but a closer look shows layout mistakes and clumsy grammar.

However, like many scams, the letter tries to panic recipients by saying they have just 7 days to pay.

If you were in a hurry, it would be easy to mistake the letter for a genuine communication from Companies House and end up paying the fee.

Companies House is aware of this scam and has covered it on social media.

Worth knowing: how do fake letters from Companies House look?

Fake letters impersonating Companies House often mimic official correspondence but contain telltale signs of fraud. Here’s how to identify them:

1. Official-looking design

Use of Companies House logos, Cardiff address, or references to "Government Digital Service" to appear legitimate.
Includes company-specific details (name, registration number) sourced from public records.

2. Payment demands

Request £47–£48 for fictitious services, such as "Enhanced Web Filing Access" or "Confirm Your Company Details and Activate Secure Vault".
Threaten suspension of web filing or strike-off for non-payment.

3. Fraudulent tactics

QR codes or shortened URLs directing to phishing sites for payment.
Urgent deadlines, such as a "7-day notice" to pressure recipients.
Bank details for non-UK accounts or payments to "HM Revenue and Customs" (HMRC).

3. Phishing and identity verification scams

In the UK, phishing attacks remain the most prevalent and disruptive, hitting a whopping 85% of businesses and 86% of charities. That's pretty alarming.

The fraudsters, they're getting quite sophisticated, too.

They often send out very convincing emails, specifically targeting directors.

The emails usually require directors to complete an online identity verification process or confirm their identities.

These messages appear urgent and legitimate, often claiming the recipient must complete an online identity verification or risk immediate consequences.

It's all designed to create a sense of panic and pressure.

But behind the polished language and official tone lies a trap.

These emails are carefully engineered to:

Redirect you to fake websites that steal login credentials,
Harvest sensitive data like bank account or credit card details, or
Collect personal information that can be used for identity theft.

4. Business Email Compromise (BEC) and AI-driven fraud

Did you know that in 2024, 93% of UK companies reported being targeted by fraud, with 42% experiencing at least two successful attacks?

According to the same source, financial losses are significant, with 21% of victims reporting average losses of £500,000 per attack.

Traditionally, BEC attacks relied on simple phishing emails to trick you into sharing sensitive information or transferring funds to fraudulent accounts.

However, with AI, scammers can now impersonate executives or other trusted contacts with alarming accuracy.

Imagine the following 2 scenarios:

1. You’ve got the mail 📧

You receive an email from your CEO. It’s written in their exact style: short, direct, maybe even with that familiar "Let’s move fast" tone.

They're asking you to wire funds to a new account urgently. The pressure feels real. The name checks out. The signature looks legit. Would you pause?

2. You’ve got a phone call 📱

Suppose you get a phone call seemingly from a vendor you've worked with for years, but whose voice has been cloned to manipulate you into changing payment details.

Sadly, these aren’t far-fetched scenarios. They're happening now, and thriving, because attackers know how to exploit the trust and familiarity embedded in every workplace.

How do they manage?🤨

Armed with public information such as company websites, social media updates, LinkedIn posts, they craft hyper-targeted messages that feel personal and urgent.

The goal? Always the same:

Trick you into authorising fraudulent transactions,
Steal sensitive data like trade secrets or customer information,
Breach internal systems and networks,

The fallout? Massive financial losses, damaged reputations, and in some cases, lawsuits.

That’s why it’s critical to act. You must prioritise implementing robust security measures and comprehensive employee training programs to combat these evolving threats.

Stay tuned, we’ll cover the security measures in a bit.

5. Facility (account) takeover and money laundering

There has been a dramatic rise in the misuse of company accounts, with a 198% increase in 2024 compared to the previous year.

The modus operandi often involves fraudsters establishing newly formed companies specifically for illicit purposes.

These ‘companies’ might look legitimate on the surface, but behind the scenes, they’re vehicles for laundering stolen funds or accumulating debts with no intention of repayment.

By the time red flags are raised, the damage is done, and the fraudsters have vanished.

So, how do these schemes keep succeeding?

Often, the problem lies within the target companies themselves.

Weak internal controls,
Poor due diligence, and
Lax verification processes provide fraudsters with the perfect opportunity.

No background checks, no red flags, no accountability—and no one notices until it’s too late.

💡 Food for thought

When internal controls are weak, you're not just vulnerable to external attacks. You may be unknowingly partnering with a fraud operation.

How can you protect your company from scams?

Let's explore some of the most effective strategies you can implement today.

1. Secure your company’s digital and legal identity

Register to file online with Companies House and keep your authentication code secure.
This code acts as your digital signature for official filings. Never share it and use a strong, unique combination of letters and numbers.
Consider enrolling in Companies House’s PROOF scheme, which prevents unauthorised changes to your company records.

2. Strengthen cybersecurity

Install and regularly update antivirus software and firewalls on all company devices.
Use strong, unique passwords and require multi-factor authentication (MFA) for all sensitive accounts and logins.

Encrypt sensitive communications and use secure file transfer portals (SFTP) when sharing confidential documents.
Never send sensitive information, such as wire instructions or account numbers, by email unless it is encrypted.

3. Educate and train your team

Provide regular training to all employees on the latest scam tactics and how to spot suspicious communications.
Make it company policy to verify unexpected requests for payments or sensitive information by calling the sender using a known, trusted phone number, not one provided in the suspicious message.
Encourage employees to report any suspicious activity, and foster a culture where it’s safe to question unusual requests.

4. Implement robust internal controls

Separate duties for financial transactions so that no single employee controls all parts of the payment process.
Require dual approval for all outgoing payments, especially wire transfers and changes to vendor payment details.
Regularly review and reconcile bank statements and financial records to spot unauthorised transactions early.

5. Monitor and protect financial assets

Use separate bank accounts for business and personal finances to limit exposure in case of a breach.
Monitor your business credit report and bank accounts for unauthorised activity, and set up alerts for unusual transactions.

6. Be vigilant against unsolicited offers and requests

Treat unsolicited emails, calls, or letters, especially those demanding urgent payment or offering too-good-to-be-true deals, with suspicion.
Always verify the identity of anyone requesting sensitive information or payment, especially if they claim to be from an official body like Companies House.

7. Conduct employee background checks

Run background checks on all new hires to reduce the risk of insider fraud.

8. Insure against fraud

Consider purchasing business insurance policies that cover fraud and identity theft to help mitigate losses if a scam does occur.

Worth knowing

From September 2025, the UK’s new “failure to prevent fraud” offence will hold larger companies criminally liable if they do not implement reasonable fraud prevention procedures.

This legislative change aims to foster a stronger anti-fraud culture and encourage proactive risk management.

What to do if you've been targeted?

If you suspect you’ve been scammed or targeted:

Report it — Contact Action Fraud immediately. They track and investigate business scams.
Alert your bank — If financial information was shared, your bank might be able to freeze transactions or monitor suspicious activity.
Inform Companies House — If you’re asked to pay something, always check with Companies House first. Contact them directly at 0303 1234 500 or email phishing@companieshouse.gov.uk. They can flag suspicious changes or misuse of your company information.
Warn others — By sharing your experience with business communities or networks, you help others stay alert.

Don’t forget:

Companies House doesn’t require additional payments for activation or confirmation — once your company is registered, it’s active
While some interactions with Companies House will have fees, such as late filing of annual accounts, they won’t normally be sprung on you unexpectedly through a letter.
Legitimate invoices usually give you plenty of time to pay, not a rushed 7-day deadline.

Let’s recap

Running a business is a huge achievement — Don’t let scammers take advantage of your hard work.

Vigilance, scepticism, and proactive security measures can make all the difference.

Being aware of common scams and emerging threats is your first line of defence. Always take a moment to pause and verify before acting on requests for money, data, or urgent actions.

However, if you’re feeling overwhelmed by these scams or just want to focus on your business, you should consider an ANNA business account or ANNA +Taxes.

Stay safe with ANNA

ANNA Money, an AI-powered business account and tax app for UK SMEs, employs advanced security measures and partnerships to help you combat financial fraud.

Here’s how we protect your business: