Last week’s scam showed how scammers don’t always need to use a big-name brand to trick us into clicking a phishing link. However, well-known organisations can be a useful spoof, as this week’s scam demonstrates.
The DVLA is no stranger to scams. If you search online, you can find DVLA-related scams going back years. So, it is no surprise that a DVLA tax scam email is doing the rounds…yet again…
The DVLA Scam – what is it about this time?
The DVLA scam is, once again, email based. Email is a useful conduit for the scammers’ box o’ tricks as it is easy to obtain genuine email addresses. A cybercriminal can buy 1000s of them from various darknet sites for a few pounds. Or they can even guess them. Only one or two recipients need to fall for the email for the scammer to hit the jackpot.
The DVLA scam this time around is focused on car tax.
The scam email begins by saying that you made an attempt to pay vehicle tax which has subsequently failed. It then applies the well-used phishing ruse of urgency and punishment; if you don’t sort this out by clicking on the link, you’ll be fined £1,000!
The link, which says it will take you to “Update and verify your billing details”, actually takes you to a spoof site. The site is branded to look like the real DVLA site. The site asks you to enter personal data such as name, address, and also National Insurance Number. If you do so, these data will be sent over to the cybercriminal behind the scam and used to commit fraud using your identity.
The scam email applies other tricks to get you to click the link:
- The salutation – phishing emails are often poorly executed and have no salutation. However, this DVLA scam does use one, formed from the part of your email address before the @. If your email address is firstname.lastname@example.org, the greeting becomes Dear firstname.lastname (Dear john.smith, for example) – so you may not notice this is an automated ‘hello’ and think it really is from the DVLA.
- It uses a secondary backup link in case you are suspicious. This is in the box at the bottom of the email. The link claims to let you view an “Open Government Licence”, which sounds very official, so it must be real, right? In fact, it takes you to the same spoof site as the central link.
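The tells described above (a greeting built from the mailbox name, the threat of a fine, and two differently worded links that lead to the same non-government host) can be checked mechanically. The following is an added example, not part of the original article: a heuristic sketch in Python run over a constructed sample email, in which the sender, recipient, link host and the `analyse` and `LinkCollector` names are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample; sender, recipient and link host are invented.
SAMPLE = """\
From: DVLA <noreply@dvla-billing.example>
To: john.smith@example.org
Content-Type: text/html; charset=utf-8

<p>Dear john.smith</p>
<p>Your vehicle tax payment failed. You may be fined &pound;1,000.</p>
<p><a href="http://tax-update.example/v">Update and verify your billing details</a></p>
<p><a href="http://tax-update.example/v">Open Government Licence</a></p>
"""

class LinkCollector(HTMLParser):  # body text plus (anchor text, host) pairs
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        self.text.append(data)
        if self._href:
            self.links.append((data.strip(), urlparse(self._href).hostname or ""))
            self._href = None

def analyse(raw, official="gov.uk"):
    msg = message_from_string(raw)
    local_part = parseaddr(msg["To"] or "")[1].split("@")[0]
    page = LinkCollector()
    page.feed(msg.get_payload())
    body, findings, by_host = " ".join(page.text), [], {}
    # A greeting that is just the mailbox name suggests a mail-merge from an address list.
    if local_part and re.search(r"\bDear\s+" + re.escape(local_part) + r"\b", body, re.I):
        findings.append("salutation built from address local part")
    if re.search(r"\b(fined|penalty)\b", body, re.I):
        findings.append("threat of a fine")
    for label, host in page.links:
        by_host.setdefault(host, set()).add(label)
    for host, labels in by_host.items():
        # Match the exact domain or a true subdomain, so gov.uk.something.example fails.
        if host != official and not host.endswith("." + official):
            findings.append(f"link leaves {official}: {host}")
            if len(labels) > 1:
                findings.append(f"{len(labels)} differently labelled links share host {host}")
    return findings
```

Calling `analyse(SAMPLE)` returns all four findings; these are triage signals for a reported message, not a verdict on their own.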
The Cabinet Office in their report “The Cost of Cybercrime” estimate the annual cost of cybercrime in the UK is around $27 billion. Scams like this one add to that figure. Be aware that the DVLA scam can take many forms; this is just one of them.
You can find out how to report a government branded phishing email using Gov UK’s website.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:
The DVLA Tax Scam
A phishing email that looks like it is from DVLA is the latest scam to hit people’s inboxes. Watch out for an email supposedly from DVLA which says you have applied for car tax, but the application failed. It will ask you to click on a link to sort out your car tax or be fined!
If you receive an email like this or something similar – DO NOT click on any links in the email. If you do, DO NOT enter any details into the website you are taken to – this is a spoof site and your personal data will be used to commit fraud.
Don’t forget to share this with your colleagues and friends and help them stay safe.
Let’s keep breaking scams!