PanicStation.org
UK USA
uk Legal, police, prison & official contact urgent identity document request • compliance review notice • 48 hour deadline letter • verify if notice is real • government impersonation scam • official looking email scam • asked for passport scan • asked for driving licence copy • asked for proof of address • provide id documents safely • phishing with reference number • unexpected compliance review • suspicious deadline pressure • confirm agency contact details • action fraud reporting • report phishing email uk • 7726 scam text report • document upload security • identity theft prevention • stop and verify first

What to do if…
you receive a compliance review notice asking for identity documents within 48 hours

Short answer

Pause and verify the notice using trusted contact details you find independently (not the ones in the message). Do not send ID documents until you’ve confirmed who is requesting them and how they want them provided securely.

Do not do these things

  • Don’t click “upload” links or QR codes in the notice until you’ve verified the sender through an official website or known account.
  • Don’t email scans/photos of your passport or driving licence as a first step, especially to a new address.
  • Don’t call phone numbers shown in the notice if you’re not sure it’s genuine.
  • Don’t let “48 hours” push you into rushing; urgency is a common tactic in impersonation scams.
  • Don’t share extra documents “just in case” (full bank statements, NI number, selfies with ID) unless you’ve confirmed they’re required.

What to do now

  1. Save what you received, exactly as-is. Screenshot the message/letter, keep attachments, and keep the envelope if posted. Note the date/time it arrived and the deadline it claims.
  2. Verify the sender using independent details (not the notice).
    • If it claims to be a government body, regulator, police, or court: find the official contact page yourself (for example via GOV.UK) and contact them using those details.
    • If it claims to be your bank, employer, solicitor, or service provider: use the phone number inside your app, your card, a prior genuine letter, or an official website you navigate to yourself.
  3. Ask for specifics before you send anything (via a verified channel).
    • “Is this request genuine and logged on my account/case?”
    • “Exactly which documents do you require and why?”
    • “What is the secure method for providing them (portal/post/in-person)?”
    • “Can you extend the deadline while I verify the request?”
  4. If it’s an email or text and you’re unsure, report it before engaging.
  5. If the request turns out to be real, use a safer way to provide documents.
    • Prefer a secure portal you access by typing the known official web address yourself (not via the email link).
    • Ask whether they accept certified copies or in-person verification instead of high-quality scans.
  6. Minimise what you share (only what was requested).
    • Provide only the specific pages/sides requested.
    • If proof of address is needed, use a suitable document but avoid sharing unnecessary transaction detail where possible.
    • If you’re uploading an image, consider adding a clear note on the image (for example “For [Organisation] compliance review only, [date]”) so it’s harder to reuse elsewhere.
  7. If you already clicked a link, uploaded documents, or gave details, switch into containment mode.
    • Stop further contact through that channel.
    • Contact the real organisation using verified details to flag possible impersonation.
    • Change passwords on any account you used in the process and enable 2-step verification where available.
    • If you think you’ve been defrauded (or money was requested/lost), report it to Report Fraud (the national fraud and cyber crime reporting service).

What can wait

  • You do not need to decide right now whether the sender is “definitely a scam” or “definitely real” — you only need to verify via trusted channels.
  • You don’t need to gather every possible identity document; wait until you’ve confirmed exactly what’s required.
  • You don’t need to write a long explanation or defence in the moment; focus on verification and safe delivery first.

Important reassurance

Feeling pressured by an official-looking deadline is normal — that’s why these messages work. Taking a short pause to verify before sharing identity documents is a sensible safety step, not “non-compliance”.

Scope note

This is first-step guidance for handling an urgent ID-document request safely. If it becomes a formal dispute (for example, threatened account closure, enforcement action, or legal proceedings), you may need specialist advice, but you can still protect yourself right now by verifying and minimising disclosure.

Important note

This is general information, not legal advice. Processes vary by organisation and case type. When in doubt, use independently found official contact details and avoid sending identity documents through unverified links or email.

Additional Resources
Support us