/ Technology

Motorists: watch out for this new DVLA scam

Forever trying to get their hands on your hard-earned savings or personal data, scammers have devised yet another crafty scam. Here’s what to watch out for.

Scammers are once again posing as the DVLA in an attempt to con you out of your money.

Last time, they were tricking people into paying for driving licence renewals.

This time, they’re threatening final warnings for out-of-date vehicle taxes unless you pay up. And it’s quite convincing if you don’t know what to look out for.

It’s clearly no longer enough to send emails with poor spelling and grammar, asking for money to secure a big cash payment from a Nigerian prince or telling you you’ve won an international lottery…

Today’s scammers are far more sophisticated and you can easily fall victim unless you approach all emails which come out of the blue as a potential threat.

What to look out for

The DVLA vehicle tax email has all the hallmarks of a classic phishing scam if you look closely.

This is a copy of the scam email sent to a colleague:

You’ll see that while the sender identifies as the Driver and Vehicle Licensing Agency, the email address is totally unrelated. Always make sure the email address comes from the official source.

The email server has identified this email as spam. Pay attention to this as they’re very apt at identifying spam or scam emails.

The threatening language in the email (tax your car … today to avoid unpleasant consequences) is also a red flag. Scammers do this to pressure you into acting quickly and not thinking through your actions properly.

Staying safe

So, would you have fallen for this phishing email? Here’s some advice from the DVLA’s to avoid being scammed:

  1. The DVLA will never send emails or texts which ask you to confirm your personal details or payment information.
  2. If you get any emails or messages asking for this, never open any links and delete it immediately.
  3. You should always report any scam to Action Fraud so it can be investigated. We have more free advice on how to report a scam on our Consumer Rights pages.
  4. Make sure you respond to emails that end in gov.uk to make sure you’re dealing with them directly.
  5. Never share images on social media that contain personal information, like your driver’s licence or vehicle registration papers.
  6. Always report misleading adverts to search engines.

How to spot a phishing scam

There are other tricks to stay ahead of the scammers. For example, always check the contact details and branding at the bottom. Are they what you’d expect and do they look legitimate?

You should also be very wary if an email is asking you to update or re-enter your personal or bank details out of the blue – it is likely going to be a scam.

We have more advice on how to spot an email scam and how to spot a fake website for free over on the main Which? site.

Have you been sent any particularly convincing scam emails recently? Or have you fallen for one? Share your experience.


This comment was removed at the request of the user

Maybe that’s why Which? has followed the Yanks and mis-spelt ‘licence’ in point 5 above.

Quite so, Brian.

Supposedly, a ‘licence’ (noun) is what you get when you ‘license’ (verb) your car, but In fact it’s neither of those – cars are ‘registered’ to a particular keeper and vehicle excise duty is paid to maintain the registration. Drivers are licensed. It would be a bit cumbersome to call the authority the Driver Licensing and Vehicle Registration Agency.

On top of that the use of apt in the sentence “they’re very apt at identifying spam” is incorrect. The word adept would be more suitable and actually express what the writer was trying to say.

You’re not wrong to point this out, Brian and John. I’ve updated the article. 🙂

A J Barter says:
27 October 2018

But you still haven’t changed “apt” to ADEPT

I actually know when mine is due, but any scam would be more effective if it was sent as a renewal E.mail at that time. I do go to the correct site to do this, but it would be easy to click on a link and pay without thinking. Duncan’s comment about most scams emerging from the other side of the Atlantic ought to be a useful tool for government and organisations like Which, who can give advanced warning about what is likely to hit our screens shortly.

Giving scammers advice on how to get you to pay up? Nice idea(!)

This comment was removed at the request of the user

I suggest that any web address or email address being used in a scam is made inactive as soon as possible. Does anyone know how long this would take once the problem is identified?

Like other official websites, that for DVLA includes http://www.gov.uk https://www.gov.uk/government/organisations/driver-and-vehicle-licensing-agency

The advice given is obviously helpful – but it does reflect the specific email program/app, and many potential victims use other apps. The advice does assume the reader has actually opened the dodgy email, which is itself potentially dangerous. Hovering the cursor (if possible!) over the sender’s name in a message list may tell you where it’s actually come from, which can be helpful.

To my mind, the whole problem stems from the early days of emails in universities, where it was simply assumed that senders were honest. Acting on this, those who set standards for handling emails allowed senders to put whatever they liked in the “From” field. (Worse, they created a “Reply-to” field, which meant that an unsuspecting recipient replying to an email wouldn’t realise where their message might be going.) At the time, this was less problematic than now, since recipients of emails could see all the info in the headers attached to emails, nowadays suppressed by most email clients. This grumpy old man would like to ban many of these header fields, so that recipients would just see the actual email address from which a message comes.

End of rant. Thanks for reading this – if you have!

This comment was removed at the request of the user

A J Barter says:
27 October 2018

Sexist? Come on, what utter rubbish. If we assume that EEB is in fact a man, how by any stretch of the imagination can it be sexist for HIM to describe HIMSELF as a grumpy old man?
And Waitrose changing the name of a sandwich? For some reason “lily livered” springs to mind! Or is this sexist because Lily is a a name generally (but not necessarily exclusively) given to female persons or animals?

As there seem to be a whole spectrum of sexes, I wonder when it will be made law that only “person” can be used. Good grief, have we nothing better to do than bother about such irrelevant trivia in case we offend someone who is waiting to be offended? Personally, as a gentleperson, I’m happy to continue to see actors and actresses, authors and authoresses, princes and princesses, chairmen and charladies, manhole covers……………. 🙁

…Doctors and Doctoresses… Pity there’s so much history involved.

This comment was removed at the request of the user

Feminist anger – these small groups seem to be very vocal and not representative of ordinary chaps and chapesses. Why we have to submit to their demands beats me. We need to man up.

This comment was removed at the request of the user

No. Whether it is right or wrong as a statement of fact it seems quite reasonable to make the proposition.
One of the most influential studies in the field, published in 2001 by pioneering personality researchers Paul Costa, Robert McCrae and Antonio Terracciano, involved over 23,000 men and women from 26 cultures filling out personality questionnaires. Across these diverse cultures, including Hong Kong, USA, India and Russia, women consistently rated themselves as being warmer, friendlier and more anxious and sensitive to their feelings than did the men. The men, meanwhile, consistently rated themselves as being more assertive and open to new ideas. In the jargon of personality psychology, the women had scored higher on average on Agreeableness and Neuroticism and on one facet of Openness to Experience, while the men scored higher on one facet of Extraversion and a different facet of Openness to Experience.

Should I await being moderated? Probably for being wildly off-topic. I’ve just noticed the title of this convo. Not sure how this particular line of discussion developed.

This comment was removed at the request of the user

Nope. There’s two of us, duncan 🙂

Bishops and bishopesses

Carole says:
27 October 2018

We are being plagued by telephone calls from scammers claiming to be from BT saying they’ve noticed problems with our internet. The caller’s number isn’t always withheld but seems to be from the Manchester area. I assume it’s a spoofed number, but after reading this article I thought maybe I should make a report to the fraud action line. Only problem is they seem to only want reports from victims or a witness and I don’t think I fit either of those categories.

Apart from the helpful reminders to be vigilant about scams of one kind or another, it is so pleasing to know that political incorrectness still thriving 🙂

I knew my Road Tax was due for renewal, I recieved thru the post the renewal letter, went online to renew it, I logged on to the official website and kept getting the message, this site is not secure, so I telephoned and renewed that way.

This comment was removed at the request of the user

Is there any evidence that the DVLA is “sending third party data to the USA”?

Just because a website is not classified as secure does not mean that its operator is routinely disclosing private information to foreign countries [although the DVLA might have to share some information about vehicles and their registered keepers with overseas law enforcement agencies]. DVLA and other government agencies are all subject to the GDPR.

At least there is a telephone service for VED renewals where you can give your private information and credit or debit card details to a call centre clerk safe in the knowledge that it won’t go anywhere else.

This comment was removed at the request of the user

I appreciate that Duncan – I hadn’t realised that you were referring to the transfer of data for storage purposes. I don’t see any problem with that – it does not mean it is accessible to unauthorised third parties [i.e. neither the DVLA nor the registered keeper who are the first and second parties, and insurance companies, local authorities and authorised parking enforcement companies which can also interrogate DVLA records as approved third parties]. Obviously the police and security services in the UK can also access DVLA data but no one else should be able to do so except under a court order. I would imagine there are agreements with the data storage operators to prevent unauthorised access or misuse of data. I should be most surprised if the DVLA did not have this under strict control as required by the GDPR.

Why are you always thinking that people want to dispute things with you such that you build up a stockpile of ammunition with which to knock them down? You do seem to like imputing improper motives to people you deal with here. I don’t know how you find the time among your normal domestic and personal activities to do all this background and undercover work unless you feel threatened by the community in some way.

This comment was removed at the request of the user