direct debit - fake dvla phishing website phishing

I have recently received a DVLA phishing email that leads to a convincing DVLA phishing website.

Of course, this is all a scam, the DVLA do not send emails informing you that your car tax needs renewing.

DVLA

The DVLA is the Driver and Vehicle Licencing Agency in the United Kingdom. It allows users to tax their cars and inform them of any vehicle changes as well as address changes. Although this scam is probably not uncommon, it is the first time I have come across this type of scam.

DVLA Website United Kingdom -Tax car
The Official DVLA Website

DVLA Phishing Emails

Scammers will always need a method of getting users onto their fake DVLA website. Phishing emails are one of the most common ways of sending potential victims to the DVLA phishing website.

It was a DVLA phishing email I received that took me to the fake DVLA website. The phishing email itself was very basic. It only had some basic details inside it and of course a link to the DVLA phishing website.

Let’s take a look at the DVLA phishing email:

DVLA phishing emails - example fake car tax email
DVLA Phishing Email Example
From: GOV.UK <[email protected]>
Sent: 04 April 2022 07:46
To:
Subject: Vehicle tax invoice number - 797195 
 
Dear,

You got a letter fom gov.uk

http://www.log.dv.la.uk.aypt8cjBxJaS.applite.ir/.xzq/.xzt/?aypt8cjBxJaS

Yours sincerely

Angela MacDonald
Deputy Chief Executive and Second Permanent Secretary

As you can see from the email it is very limited and does not include any DVLA logo etc. This phishing email from the DVLA has one purpose which is to take users to the phishing website.

DVLA Phishing Website

The first page on the DVLA phishing website asks users to enter their car registration. I entered fake details to proceed to the next page.

DVLA phishing website - enter registration number of the vehicle
DVLA Phishing Website – enter vehicle registration

Users should not enter any details into a suspected fake website. Any details entered into a phishing website will be used to target users in further scams.

DVLA Fake Car Tax Website

The next screen informs users that they owe £46.78 in vehicle tax. This is simply not the case as the car registration I entered probably does not exist.

This particular page attempts to inform users that they run the risk of a £1000 fine if they do not continue. This is nothing more than a scare tactic attempt aimed at making users panic and enter their personal details into the fake website.

DVLA phishing website fake car tax website
DVLA Fake Website Vehicle Tax Owed

DVLA Phishing Site – Personal Details

The next page on the fake DVLA website requires users to input all their personal details. It goes without saying that details should not be entered into any suspected fake websites. At the very minimum, your personal details will be used to target you in the future with more scams.

Fake DVLA Website - phishing DVLA - enter personal details
Fake DVLA Website – Personal Details
Fake DVLA website - personal details 2
Personal Details Continued – Phishing DVLA

Setting Up An Direct Debit – DVLA Phishing Website

The next page on the DVLA phishing site asks the user to enter their bank sort code and account number. This page is supposed to set up a direct debit to pay for their car tax.

Again, details that are personal such as banking information should not be entered into a phishing website.

direct debit - fake dvla phishing website phishing
Banking Information – DVLA phishing Website

Phishing Alert From Avast Antivirus

At this point, Avast Antivirus picked up that I was on a phishing website and proceeded to block the website. Avast is one of the best free antivirus available and is great for basic standard protection.

Avast alert - phishing website DVLA
Avast Antivirus Alert – DVLA Phishing Website

DVLA Phishing – Card Details

After I disabled the Avast web shield I continued to the next page on the DVLA phishing site. It informs me that the direct debit has failed and it requires my card details. This is typically convenient for the scammer and an excuse to get the most important details from the victim.

Credit card details - fake dvla website car tax
Credit Card Details – Fake DVLA site

Application Received – DVLA Phishing Site

The final page on the DVLA phishing site informs me they have received my application before redirecting me to the real GOV UK site.

By this point, the scammer has all your details including banking information.

DVLA phishing site - application received
Application Received – Fake DVLA Site

DVLA Phishing Site Example 2

This DVLA phishing website was sent to me by email. The email included the following information:

From: GOV.UK <[email protected]>
Sent: 21 June 2022 12:37
To:
Subject: Vehicle tax invoice number - 99460 
 
Dear,

Vehicle tax status - unpaid.
Click on the next link to fix the issue:

http://www.info.ssl.service.gov.uk.IwXxjOzZl6x38V.applite.ir/.xzq/.xzt/?IwXxjOzZl6x38V

Yours sincerely
Gov.uk

I have recently received another vehicle tax scam that leads to a DVLA phishing site. I think it is the same scammers as the first DVLA phishing site.

The first page of the fake DVLA site asks users to enter their vehicle registration of the car.

fake DVLA site - enter registration
Enter the vehicle registration – DVLA Phishing Site

The next page of the vehicle tax scam website informs visitors they owe money. This amount is always the same regardless of the details entered on the previous page.

Vehicle Tax Amount Owed - DVLA Phishing Site
Vehicle Tax Amount Owed – DVLA Phishing Site

Next, the vehicle tax scam site asks the user to input their personal details. Personal information should not be entered into any suspicious websites.

Vehicle Tax Payment - DVLA Scam - vehicle tax scam
Vehicle Tax Payment Scam

The next page asks users for their banking information, specifically the sort code and account number. This will be used against you later on. The scammers will identify who you bank with from this information and call you pretending to be working for your bank.

DVLS Scam wesbite - vehicle tax payment
Scammers requesting banking information – DVLA Tax Scam

The fraudulent car tax website claims to be processing information before moving on to the next step.

processing - DVLA Vehicle Tax Scam
Processing Information – DVLA Car Tax Scam

The following page is the scam’s most important and lethal part. The website asks for credit card information, at the very least your card will be used. This information is used when the scammer calls you later with the story of they have flagged a suspicious transaction to DVLA.

credit card details - fake car tax scam website - dvla gov
Entering Credit Card Details – DVLA Car Tax Scam

The final page informs the user that the application has been received. This of course is not the case!

Application Received - DVLA Car Tax Scam
Application Received – DVLA Scam

Reporting Phishing Websites

If you think you may have been the victim of a phishing scam please contact your local police force for information on how to keep safe.

Reporting phishing websites and emails can help prevent others from being scammed. Any suspicious emails can be forwarded to [email protected].

Any suspicious websites can be reported directly to the NCSC or the FBI for analysis. Further information for reporting phishing emails and scams can be found online here.

Leave a Reply

Your email address will not be published.