Scam of the Week – DVLA Car Tax Scam

April 26, 2018 10:20 am Geraldine Strawbridge

Motorists in the UK are being targeted by a new wave of DVLA text message and email scams. Criminals posing as the Driver Vehicle Licence Agency (DVLA) are sending out fake messages to motorists in an attempt to maliciously steal data or extort money.

The phishing scam is targeting drivers via text and email messages and relates to a car tax refund. All of the messages refer to a specific refund amount for road tax, but the wording differs slightly on each message.

One of the scams reads: “We would like to notify you that you still have an outstanding vehicle tax refund of £92.31 from an overpayment,” this is then followed by a malicious link.

Another scam reads: “We have identified that you still have an outstanding vehicle tax refund of £61.77 from an overpayment, request your refund.”

Fake text message (Source: Twitter)

Car tax rates have changed twice in the last 12 months which means that a large number of motorists may be confused about the rate of tax they should be paying and unsure if they are entitled to a refund.

The scammers have only been too willing to take advantage of this public confusion as a means of launching their mass phishing scam.

In addition to the text message scams, drivers are also being targeted via email. The emails are well crafted and designed in such a way that they appear to come from a legitimate source. This tricks many unsuspecting users into clicking the dodgy link and handing over sensitive information.

Fake Email (Source: Twitter)

In response to the scams that have been launched this week, the DVLA has informed customers that they do not send out emails or text messages asking for personal details or payment information. The only official place to find their information and services is on GOV.UK

Red flags to look out for on a suspicious email or text message include threatening language, a generic greeting, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information. Legitimate businesses will never send emails or text messages requesting you click on a link to enter or update personal data.

Related reading:

10 signs your smartphone has been hacked

A Quick Guide to Incident Management for Organisations

Top 5 Tips to Beat the Hackers

If you are looking to start a phishing awareness campaign or would like more information on how to protect yourself online, click here to find out how MetaCompliance can help.