UK drivers are being hit with a new round of phishing texts designed to steal their personal data and banking details.
Fraudsters are sending out text messages that appear to come from the DVLA informing the recipient that they’re due a refund for an overpayment on their account.
The message is similar to other scams that have been in circulation although the wording is slightly different. The text reads: “DVLA: We have identified that you still have an outstanding vehicle tax refund from an overpayment. Please follow at https://gov-uk-dvlarefund.com/ to process.”
Image: Fake DVLA Phishing text (source: Twitter)
If the user clicks on the link, they’re redirected through to what appears to be an official government website with a form to update their bank account information.
Of course, the site is nothing more than a cleverly designed phishing website, and as soon as the user enters their financial details, the information is relayed back to fraudsters who will quickly drain their account of any cash.
These scams have become particularly prevalent across the UK and despite repeated warnings about the malicious intent of these messages, many people are continuing to fall for these scams on a daily basis.
The effective lure of a refund can prove particularly enticing for a recipient, and when they see the DVLA branding or the words ‘gov’ or ‘UK’ within the link, it can add further credibility to the message, and many will automatically assume it’s a legitimate request.
The DVLA issued warnings last month urging users to avoid clicking on links, however the new text message phishing scam has prompted them to issue a fresh warning to motorists across the UK: “DVLA is reminding customers that the only official place to find our services and information is on GOV.UK. Cyber scams are common, so we want to help our customers to spot fraudulent activity.
We don’t send emails or text messages that ask you to confirm your personal details or payment information, such as for a vehicle tax refund. If you get anything like this, don’t open any links and delete the email or text immediately.”
To protect yourself from falling victim to a phishing scam, you should follow the below guidelines:
- Never click on links or download attachments from unknown sources.
- Always verify the security of a website.
- Pay close attention to the spelling of an email or web address, if there are any inconsistencies, delete immediately.
- Ignore and delete emails with poor grammar and formatting.
- Install the latest anti-virus software solutions on your devices.
- Use strong passwords to reduce the chance of devices being hacked and use different passwords for different accounts.
If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, get in touch to find out how we can help. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.