/ Motoring

Did scammers know about my DVLA renewal?

We’ve covered DVLA scams before, but this one caught my eye due to how closely-tied it was to my real vehicle tax renewal. How did the scammers know?

While the last scam DVLA email we looked at told drivers that they were ‘not up-to-date’ with their vehicle tax, this one takes things one step further.

When I received my vehicle tax renewal in the post a while back I, like most people these days, opted to pay it online.

Everything went through as normal, but just two days later, an email appeared in my inbox that made me look twice.

Your latest vehicle tax payment failed

Even though my account flagged the message as spam, the professionally worded subject title, along with the presence of the ‘customer number’ made me open things up for a closer look.

Fortunately the email address it came from acted as a dead giveaway, but the email arriving so close to my legitimate renewal does beg the question; had my data been leaked somewhere? How did the scammers know?

DVLA and Which? advice

I let our consumer rights expert, Amelia Wade, know about the email – she got in touch with the DVLA to ask them about the scam.

Amelia Wade

The DVLA assured us its sytems are secure, built to government standards and checked regularly for any vulnerabilities.

It is, however, good practice to regularly clear your browsing data, keep your browser up-to-date, ensure you’ve got a good antivirus software and have good password hygiene.

Scammers are becoming increasingly conniving, so trust your spam filters and take pause to think if you’re being asked to input payment details after following a URL.

It can’t be ruled out that this case in particular could have been a coincidence – it’s not uncommon for scammers to chance their arm with multiple emails at different times.

With clever DVLA scams targeting drivers regularly, we’ve written a new guide on how to spot them, so you can stay ahead of the fraudsters.

Read our new guide to DVLA scams

We’ve included examples of the scam texts and emails themselves, as well as advice on what to do if you think you’ve followed a scam link.

Have you received a DVLA scam email just days after your real vehicle tax renewal was due? Let us know if they were clever enough for you to open them up, and if your spam filters were on the ball.

Comments
Colin Jex says:
16 February 2019

Link to Guide to DVLA scams does not work – Error 404.

Agreed. Already taken down by scammers???

arnie says:
20 February 2019

Dvla. Cancelled my car tax without any communication and it was about 6 weeks before I realised. …They said they had been told the car had been scrapped. …

This does sound as though data from DVLA is being sold, stolen or passed on by those with access to records. I don’t believe in coincidences like this. Someone knew of your payment, the question is how? Since you will probably never know, and no one will be apprehended for the leak, it will happen to others. Well done to the wonderful internet and all its freedoms!

I agree leaks via DVLA are one possibility. But there are probably other ways of doing it.

For example, see here:

vehicleenquiry.service.gov.uk/ViewVehicle

which I can use to see when a given vehicle’s tax and MoT are due.

You can also write to DVLA to get information on the registered keeper of a vehicle:

gov.uk/request-information-from-dvla

Also, names and address can be obtained from telephone directories and/or electoral registers.

So probably the only clever “data fusion” trick here is getting folks’ actual email addresses.

A read says:
16 February 2019

I made a complaint to the dvla approximately 10 years ago, asking them why where they selling my information on to third parties.. Which they denied. But at the time only my vehicle was registered at the address in my name, all other correspondence was in my partners name and still is. I receive junk mail 3 to 4 weeks after either I change my vehicle or retax a vehicle..

Craig says:
17 February 2019

And if you have an email address that’s been associated with your address on a site that’s been hacked, that’s not even very hard either.

Craig says:
17 February 2019

Suggest people having these issues check https://haveibeenpwned.com it gives details of any known hacks associated with any of your email accounts, my Hotmail one I use for sites like this has been, but my Gmail account has not as I only use it for official purposes.

Steve Radcliffe says:
19 February 2019

I disagree. If they knew, surely they would have had your registration number. The reminders go out at the same time each month, pick this date and there is better than a 1 in 12 chance of such a coincidence (because some people tax cars twice a year).

We renew ours online at home on computers with what we believe have robust internet security in the form of Kaspersky. We have not had any follow-up emails.

George, did you renew yours on your phone, does it have good internet security and what sort of environment were you in at the time?

Morning George, many others have posted since my above post and it seems you are not alone.

K. Smycki says:
16 February 2019

Hello. I read your article on the DVLA scam emails and the coincidence of this scam arriving after tax payment.

I received one right after my MOT. I suspect the DVLA has been hacked no matter what they say about security. 

I recognised  the scam for what it was; the address line was a give away but the body had been copied and pasted, enlarged and was distorted. A kid in his bedroom could have done better. I sent it to the phishing addresses for the government and the police.  

K. Smycki

Margaret Knowles says:
16 February 2019

I had this happen just after Christmas, but in my case I renewed at the Post Office and not on line. I wondered at the time how this had happened as I had not been on line for this transaction and had taken the relevant form to the Post Office. I have since had two other scam attempts. One I have forgotten the details but the other was purportedly from Apple saying my access had been blocked and y should give various details to have it unblocked. This came from a dubious sender!

I have received loads of scam emails supposedly from my bank. Say that everyone has a bank account with one of 6 banks, one in six of the emails will initially appear genuine to the receiver. So 17% plausible.

As most drivers will renew road tax on line and as most cars’ road tax running from 1 Sept or 1 March, say 25% of registrations Sept and 25% March, an email received in September or March would appear plausible to 25% of the recipients. That is a pretty good hit rate. Other months the likelihood is 5%. Even at 5% 100,000 sent emails would look plausible to 5,000 recipients. Even if 1% fall for it would result in full credit card details on 50 people. It is a numbers game. Those who receive these emails and know they have not recently paid their road tax will ignore it as an obvious scam but those where the timing makes it plausible will report it as they were on the verge of being taken in.

There is a similar on line scam about TV licence payment failure

Cathie says:
16 February 2019

I’ve had those too but despite continually reporting them as phishing, they still keep coming!)

Brian says:
17 February 2019

I used to get it on my DD BT phone bill, saying it had not gone through and I needed to confirm my details. Did not fall for it as it had gone out of my bank A/C. I blame this on lots of admin.things going to India. 18yrs BT employee, now retired.

Craig says:
17 February 2019

Why would reporting them stop them? They don’t come from the government and yes reporting them is good so that particular source will stop but there are plenty of other source for these scams and once your email address has been released lots of different scammers will be able to find it and hit your email account.

Charlie says:
16 February 2019

My car tax for two cars an bike are on direct debit and have been gf or some time. When I sold one of the cars last year to a family member (so not advertised anywhere) a couple of weeks later I received s scam email notifying me that I’m owed a refund of road tax but it could not be transferred due to a technical error and also included a link back to the DVLA to update my details.
Fortunately a quick calculation told me the amount was wrong and the sent from email was wrong and I also know the DVLA don’t do emails like that.but that said it was very well timed and made me think that someone has more access to the DVLA data than we know about! Be careful and check who any financial related emails are sent from!

Craig says:
17 February 2019

I get road tax and income tax refund emails all the time, and as someone already explained, if you send millions of these emails, you only have to have a fraction of a percent of people respond to get lots of details. Just check the email address (the actual one in the details section, not the aliased one you see initially) to see if it’s genuine, this will normally be enough to know it’s fake. I have noticed that some are getting better so it’s very close to the genuine address (they all use to be terribly different to the address they were aliasing).

Cathie says:
16 February 2019

I keep having similar emails regarding direct debits for my TV licence! I have reported them as phishing but they still come. They are also quite official looking (they had even put ‘this email is from a trusted sender’ printed at the bottom!) but as I am aware of scames and it was addressed ‘Dear Customer’. I haven’t clicked of course :-). A while back I was receiving emails purtotably from HMRC telling me I was due a tax rebate. I don’t pay tax so that amused me!

David T says:
16 February 2019

The clue is also within the threat of a fine because we are liberty to renew or not. No way is it an outstanding debt which requires this heavy handed approach.
If an individual chooses not to renew but continues to use the vehicle then there is the risk of being caught breaking the law. Register as SORN while out of use…no problem!

The DVLA data is shared with Capita (was IBM) in order for them to run the Congestion Charge. Both of these companies hold data outside the UK and the EU. Who knows who has access to it and from where ?

Howard Walker says:
16 February 2019

Simple to find out when someone’s car is due for renewal. Lots of apps on the play store will tell you. Just enter the make and registration and it’s available to all.
From there it’s just a case of sending out suitable letters. You have a 50 50 chance of success.

Craig says:
17 February 2019

Bit more complex than that, you need a source of registration address for the vehicle, you then need to associate an email address with that property address then you can use the simple apps you talk about. Still not a sure thing for them but by doing it that way there probably of success improves from fractions of a percent to actual percentage points.

When I have renewed my vehicle tax online I have been informed that the process has been successful, so I would be very suspicious if received an email to say that it had been unsuccessful.

I’m glad that George did not fall for the scam, but I wonder what the consequences would be for someone who was a victim of this scam.

I’m one of the dumbbells who fell for it because it came after I got a new card I tend to agree that it was luck on their part total coincidence they got £4 off me before I realised what was going on but weeks of hassle with bank etc I certainly won’t be falling for it again
Andrew

I’m sorry to hear that, Andrew. There are so many scammers and opportunists that rely on coincidence to make their victims more receptive.

The bit that is frightening is the government stating that their systems are secure.

A few years ago they were trying to extradite a guy who hacked into the pentagon – if that is possible by a single guy, who is the idiot stating that the UK government systems are secure ?

In computing terminology, the word ‘secure’ has a slightly different meaning to normal. Essentially, no computer system can ever be 100% secure in any sense of the word.

Andrew, as the above discussion shows, this case does not prove that the DVLA systems have been hacked or that DVLA staff have stolen and data and sold it on to scammers.

DVLA are quoted here as saying:

“The DVLA assured us its systems are secure, built to government standards and checked regularly for any vulnerabilities.”

But that’s only a bit like me saying: “My car is safe, was built in accordance with constructions and use regulations and has a current MoT”.

I think my house is safe too, because I’ve never seen any evidence that anyone has entered it and gone through my stuff, e.g. while I was asleep or while I was out.

Would we really want the Government to say “We have all your data. We know our servers aren’t completely secure, but that’s just your tough luck!”

I also received this email some weeks ago, the fact that you received it shortly after having renewed your car tax is pure coincidence, nothing more. They send thousands of these messages so it’s inevitable that some will go to those who have genuinely just renewed. I knew it to be a scam immediately as I am disabled & have a motability vehicle so I don’t have to pay vehicle tax, though I do have to renew each year. Also it was received months after my renewal date. These can be forwarded to nfibphishing@city-of-london,pnn.police.uk they investigate scam email & those who have been defrauded as a result.

Gillian Hughes says:
17 February 2019

I had the “problem with my bank payment” supposed to be from DVLA. Thankfully my spyware filtered it as spam and wouldn’t let me open it. Well done Bitdefender.

Push Shah says:
19 February 2019

Could the postman be involved …? Just a possibility….

Diane says:
20 February 2019

I had a message supposedly from the DVLA within a week of taxing my vehicle.. saying I’d overpaid in the past and was entitled to £148 back, but had to claim it immediately on that day or I would lose it… looked very genuine with logo on, but the must claim today sent alarm bells ringing and I ignored it… but it does make you wonder how the scammers know

Steve R says:
20 February 2019

They only have to put your registration number in the government site to check when you tax is due and if you have renewed it , so simple if they took your reg number from your car on your drive they have your address also.

Indeed – then they just have to get your name and email address somehow…

I recieved the same email saying there was a problem with my bank details just days after renewing my car tax and yes it did look genuine.