Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – DVLA Car Tax Scam

Motorists in the UK are being targeted by a new wave of DVLA text message and email scams. Criminals posing as the Driver Vehicle Licence Agency (DVLA) are sending out fake messages to motorists in an attempt to maliciously steal data or extort money.

The phishing scam is targeting drivers via text and email messages and relates to a car tax refund. All of the messages refer to a specific refund amount for road tax, but the wording differs slightly on each message.

One of the scams reads: “We would like to notify you that you still have an outstanding vehicle tax refund of £92.31 from an overpayment,” this is then followed by a malicious link.

Another scam reads: “We have identified that you still have an outstanding vehicle tax refund of £61.77 from an overpayment, request your refund.”

Fake text message (Source: Twitter)

Scam of the Week – DVLA Car Tax Scam

Car tax rates have changed twice in the last 12 months which means that a large number of motorists may be confused about the rate of tax they should be paying and unsure if they are entitled to a refund.

The scammers have only been too willing to take advantage of this public confusion as a means of launching their mass phishing scam.

In addition to the text message scams, drivers are also being targeted via email. The emails are well crafted and designed in such a way that they appear to come from a legitimate source. This tricks many unsuspecting users into clicking the dodgy link and handing over sensitive information.

Fake Email (Source: Twitter)

Scam of the Week – DVLA Car Tax Scam

In response to the scams that have been launched this week, the DVLA has informed customers that they do not send out emails or text messages asking for personal details or payment information. The only official place to find their information and services is on GOV.UK

Red flags to look out for on a suspicious email or text message include threatening language, a generic greeting, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information. Legitimate businesses will never send emails or text messages requesting you click on a link to enter or update personal data.

Related reading:

10 signs your smartphone has been hacked

A Quick Guide to Incident Management for Organisations

Top 5 Tips to Beat the Hackers

If you are looking to start a phishing awareness campaign or would like more information on how to protect yourself online, click here to find out how MetaCompliance can help.

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations