/ Technology

Motorists: watch out for this new DVLA scam

Forever trying to get their hands on your hard-earned savings or personal data, scammers have devised yet another crafty scam. Here’s what to watch out for.

Scammers are once again posing as the DVLA in an attempt to con you out of your money.

Last time, they were tricking people into paying for driving licence renewals.

This time, they’re threatening final warnings for out-of-date vehicle taxes unless you pay up. And it’s quite convincing if you don’t know what to look out for.

It’s clearly no longer enough to send emails with poor spelling and grammar, asking for money to secure a big cash payment from a Nigerian prince or telling you you’ve won an international lottery…

Today’s scammers are far more sophisticated and you can easily fall victim unless you approach all emails which come out of the blue as a potential threat.

What to look out for

The DVLA vehicle tax email has all the hallmarks of a classic phishing scam if you look closely.

This is a copy of the scam email sent to a colleague:

You’ll see that while the sender identifies as the Driver and Vehicle Licensing Agency, the email address is totally unrelated. Always make sure the email address comes from the official source.

The email server has identified this email as spam. Pay attention to this as they’re very apt at identifying spam or scam emails.

The threatening language in the email (tax your car … today to avoid unpleasant consequences) is also a red flag. Scammers do this to pressure you into acting quickly and not thinking through your actions properly.

Staying safe

So, would you have fallen for this phishing email? Here’s some advice from the DVLA’s to avoid being scammed:

  1. The DVLA will never send emails or texts which ask you to confirm your personal details or payment information.
  2. If you get any emails or messages asking for this, never open any links and delete it immediately.
  3. You should always report any scam to Action Fraud so it can be investigated. We have more free advice on how to report a scam on our Consumer Rights pages.
  4. Make sure you respond to emails that end in gov.uk to make sure you’re dealing with them directly.
  5. Never share images on social media that contain personal information, like your driver’s licence or vehicle registration papers.
  6. Always report misleading adverts to search engines.

How to spot a phishing scam

There are other tricks to stay ahead of the scammers. For example, always check the contact details and branding at the bottom. Are they what you’d expect and do they look legitimate?

You should also be very wary if an email is asking you to update or re-enter your personal or bank details out of the blue – it is likely going to be a scam.

We have more advice on how to spot an email scam and how to spot a fake website for free over on the main Which? site.

Have you been sent any particularly convincing scam emails recently? Or have you fallen for one? Share your experience.


Its “funny ” how all scams of this “government authority ” type start being used in the US . The scammers have gone through the lot in America and even if its the States the same principles apply and help is given by the US government click on the links for info https://www.usa.gov/common-scams-frauds

Maybe that’s why Which? has followed the Yanks and mis-spelt ‘licence’ in point 5 above.

Quite so, Brian.

Supposedly, a ‘licence’ (noun) is what you get when you ‘license’ (verb) your car, but In fact it’s neither of those – cars are ‘registered’ to a particular keeper and vehicle excise duty is paid to maintain the registration. Drivers are licensed. It would be a bit cumbersome to call the authority the Driver Licensing and Vehicle Registration Agency.

On top of that the use of apt in the sentence “they’re very apt at identifying spam” is incorrect. The word adept would be more suitable and actually express what the writer was trying to say.

You’re not wrong to point this out, Brian and John. I’ve updated the article. 🙂

A J Barter says:
27 October 2018

But you still haven’t changed “apt” to ADEPT

I actually know when mine is due, but any scam would be more effective if it was sent as a renewal E.mail at that time. I do go to the correct site to do this, but it would be easy to click on a link and pay without thinking. Duncan’s comment about most scams emerging from the other side of the Atlantic ought to be a useful tool for government and organisations like Which, who can give advanced warning about what is likely to hit our screens shortly.

Giving scammers advice on how to get you to pay up? Nice idea(!)

Andy “giving scammers advice etc ” ? – please elucidate and I don’t mind you getting “technical ” .

I suggest that any web address or email address being used in a scam is made inactive as soon as possible. Does anyone know how long this would take once the problem is identified?

Like other official websites, that for DVLA includes http://www.gov.uk https://www.gov.uk/government/organisations/driver-and-vehicle-licensing-agency

The advice given is obviously helpful – but it does reflect the specific email program/app, and many potential victims use other apps. The advice does assume the reader has actually opened the dodgy email, which is itself potentially dangerous. Hovering the cursor (if possible!) over the sender’s name in a message list may tell you where it’s actually come from, which can be helpful.

To my mind, the whole problem stems from the early days of emails in universities, where it was simply assumed that senders were honest. Acting on this, those who set standards for handling emails allowed senders to put whatever they liked in the “From” field. (Worse, they created a “Reply-to” field, which meant that an unsuspecting recipient replying to an email wouldn’t realise where their message might be going.) At the time, this was less problematic than now, since recipients of emails could see all the info in the headers attached to emails, nowadays suppressed by most email clients. This grumpy old man would like to ban many of these header fields, so that recipients would just see the actual email address from which a message comes.

End of rant. Thanks for reading this – if you have!

EEB – Which ? + I and other regulars have posted many times on not clicking on an email link and do you know that just opening the email now allows the sender to –
1- know you have done that .
2-allows collection of some of your data .
3- the email address of the sender if you are blocking it is not the first heading but is enclosed in the back and forward arrows
There is more but I don’t want to appear “too technical ” .
I also don’t like this “grumpy old man ” statement as its sexist , especially when today’s news is about Waitrose selling a “male sandwich ” which they were forced to remove due to complaints of “sexism ” .
Why apolgise for being critical I am every day and so are others here when you cant do that then life as we know it comes to an end.

A J Barter says:
27 October 2018

Sexist? Come on, what utter rubbish. If we assume that EEB is in fact a man, how by any stretch of the imagination can it be sexist for HIM to describe HIMSELF as a grumpy old man?
And Waitrose changing the name of a sandwich? For some reason “lily livered” springs to mind! Or is this sexist because Lily is a a name generally (but not necessarily exclusively) given to female persons or animals?

As there seem to be a whole spectrum of sexes, I wonder when it will be made law that only “person” can be used. Good grief, have we nothing better to do than bother about such irrelevant trivia in case we offend someone who is waiting to be offended? Personally, as a gentleperson, I’m happy to continue to see actors and actresses, authors and authoresses, princes and princesses, chairmen and charladies, manhole covers……………. 🙁

…Doctors and Doctoresses… Pity there’s so much history involved.

Yes its sexist , its labeling for which I have been censored for in the past .
Quite vigorously, right I will turn this around .
What if I said –“a grumpy old spinster ” would that be acceptable to those monitoring this website ?
Well I have put LESS than that and got into trouble , one law for one sex and one for another I find that –in your parlance -rubbish yet I am in trouble for it .
Waitrose changed the name of the sandwich because of feminist anger as the large sandwich was aimed at males yet every day we see adverts aimed exclusively at females where males could be mentioned , where,s the legal justice , moral justice in that ?

Feminist anger – these small groups seem to be very vocal and not representative of ordinary chaps and chapesses. Why we have to submit to their demands beats me. We need to man up.

But they do submit to their demands and much more malcolm .
Do you know what I was severely censored for on Which ? website? -and before I say it I am forced to apply the words -IMO- as directed by Which ?
IMO-in my opinion – I made the severe mistake of saying – again -IMO- that females are more sociable than males- something I have spent my whole life observing – yet that comment on Which ? – got me “timed out ” .
Question do you think that is fair ?

No. Whether it is right or wrong as a statement of fact it seems quite reasonable to make the proposition.
One of the most influential studies in the field, published in 2001 by pioneering personality researchers Paul Costa, Robert McCrae and Antonio Terracciano, involved over 23,000 men and women from 26 cultures filling out personality questionnaires. Across these diverse cultures, including Hong Kong, USA, India and Russia, women consistently rated themselves as being warmer, friendlier and more anxious and sensitive to their feelings than did the men. The men, meanwhile, consistently rated themselves as being more assertive and open to new ideas. In the jargon of personality psychology, the women had scored higher on average on Agreeableness and Neuroticism and on one facet of Openness to Experience, while the men scored higher on one facet of Extraversion and a different facet of Openness to Experience.

Should I await being moderated? Probably for being wildly off-topic. I’ve just noticed the title of this convo. Not sure how this particular line of discussion developed.

Thank you for that malcolm I thought I was on my own .

Nope. There’s two of us, duncan 🙂

Bishops and bishopesses

Carole says:
27 October 2018

We are being plagued by telephone calls from scammers claiming to be from BT saying they’ve noticed problems with our internet. The caller’s number isn’t always withheld but seems to be from the Manchester area. I assume it’s a spoofed number, but after reading this article I thought maybe I should make a report to the fraud action line. Only problem is they seem to only want reports from victims or a witness and I don’t think I fit either of those categories.

Apart from the helpful reminders to be vigilant about scams of one kind or another, it is so pleasing to know that political incorrectness still thriving 🙂

I knew my Road Tax was due for renewal, I recieved thru the post the renewal letter, went online to renew it, I logged on to the official website and kept getting the message, this site is not secure, so I telephoned and renewed that way.

Your “darn tooting ” as Americans say Chris !
I find this disgusting that an arm of government is sending third party data to the USA .
My browser automatically using my blockers blocked the Jscript as “unsafe ” –blocked Amazon and Google on another blocker – HTTPS Anywhere also blocked it and there is NINE cookies on it .
Remote fonts are also blocked where data collection using new methods can be used it just gets worse.
IF it was our authorities only yes okay but not the bunch of third party data thieves attached to it.

Is there any evidence that the DVLA is “sending third party data to the USA”?

Just because a website is not classified as secure does not mean that its operator is routinely disclosing private information to foreign countries [although the DVLA might have to share some information about vehicles and their registered keepers with overseas law enforcement agencies]. DVLA and other government agencies are all subject to the GDPR.

At least there is a telephone service for VED renewals where you can give your private information and credit or debit card details to a call centre clerk safe in the knowledge that it won’t go anywhere else.

John -before I add an app to my browsers I have spent weeks checking it out making sure it comes from high tech website , is open source ( if possible ) and comments from software engineers not users as to how reliable it is how good it is and whether it itself “phones home ” .
If a tracker is based in the USA thats where the data goes not into 45 Primrose Lane NW 5 .
I have spent years finding out where data is help on us and the bulk is the USA , that’s not including the NSA/GCHQ/FBI/CIA etc but commercial companies .
China is catching up though .-

United States:-Google Data Centers

Berkeley County, South Carolina 33°03′50.8″N 80°02′36.1″W since 2007, expanded in 2013, 150 employment positions
Council Bluffs, Iowa 41°13′17.7″N 95°51′49.92″W announced 2007, first phase completed 2009, expanded 2013 and 2014, 130 employment positions
Douglas County, Georgia 33°44′59.04″N 84°35′5.33″W since 2003, 350 employment positions
Jackson County, Alabama[3]
Lenoir, North Carolina 35°53′54.78″N 81°32′50.58″W announced 2007, completed 2009, over 110 employment positions
Montgomery County, Tennessee 36°37′37.7″N 87°15′27.7″W announced 2015
Pryor Creek, Oklahoma at MidAmerica Industrial Park 36°14′28.1″N 95°19′48.22″W announced 2007, expanded 2012, 100 employment positions
The Dalles, Oregon 45°37′57.04″N 121°12′8.16″W since 2006, 80 full-time employment positions
Henderson, Nevada announced in 2018 : 1,210 acres of land bought in 2017 in the Tahoe Reno Industrial Center[4] ; project approved by the state of Nevada in November 2018[5]

Dublin Data Center sends UK data to the USA.
This is just one of a myriad of different companies –
Gravatar -well know data collector goes to China
Do you need to ask where Facebook goes to one of the trackers on Which ?-
and Amazon yes Dublin as well but like Brazil -the Movie – it goes to “Central Collection ” – that movie was well ahead of its time.

I have full technical data if anybody want to dispute this issue –be warned some may not like to hear their favorite app/company is intensely gathering their data.
Amazon info-

I appreciate that Duncan – I hadn’t realised that you were referring to the transfer of data for storage purposes. I don’t see any problem with that – it does not mean it is accessible to unauthorised third parties [i.e. neither the DVLA nor the registered keeper who are the first and second parties, and insurance companies, local authorities and authorised parking enforcement companies which can also interrogate DVLA records as approved third parties]. Obviously the police and security services in the UK can also access DVLA data but no one else should be able to do so except under a court order. I would imagine there are agreements with the data storage operators to prevent unauthorised access or misuse of data. I should be most surprised if the DVLA did not have this under strict control as required by the GDPR.

Why are you always thinking that people want to dispute things with you such that you build up a stockpile of ammunition with which to knock them down? You do seem to like imputing improper motives to people you deal with here. I don’t know how you find the time among your normal domestic and personal activities to do all this background and undercover work unless you feel threatened by the community in some way.

You only become paranoiac from the actions of others -prove this Lucas-prove that .
So that’s what I do I have a large download base taking up quite a bit of SSD space .
Come on John you know I have been criticized for not supplying URL,s /data in the past ,
now I am and now that’s a fault ?
Ian goes on about being straightforward I cant be more straightforward than that.