My girlfriend today received an email allegedly coming from the Driver and Vehicle Licensing Agency (DVLA) of the United Kingdom. It was titled “something went wrong” and prompted to tax some untaxed vehicle.
The sender’s email ([email protected]), as well as the letter’s general awful grammar and shabby composition, would have betrayed that it was a phishing scam if that wasn’t already evident by the fact that my girlfriend does not have a car.
Judging it may present a good opportunity for some scam-baiting fun, I asked her to forward the email. It read as follows:
THIS IS AN AUTOMATED EMAIL – Please do not reply as emails received at this address cannot be responded to.
17803586905
Delivery Date:
Friday , 4 December 2020Your vehicle is no longer taxed.
Scammer
DVLA have been notified electronically about you latest payment for your vehicle tax failed because there is not enough money on you debit card.
We have generated a new invoice, and we suggest you to use a credit card instead of a debit, to avoid any other consequences that might appearin case again won’t be enough funds inside.
Tax your vehicle – START NOW >
the vehicle’s registration number
have your credit/debit card ready
follow the instructions on your screen
Invoice ID is #GBSEE015336130891987
You must tax this vehicle before it is driven on the road, tax now at www.gov.uk/vehicletax.
Acknowledge that it’s illegal to drive your vehicle until you’ve taxed it.If the information is wrong DVLA will not be able to tax your vehicle and you risk to be fined £480.
You’ll also have to pay for the time it was not taxed.
If you do not pay your fine on time your vehicle could be clamped or crushed, that will result enforcement action taken against you.
You may wish to save or print this email confirmation for yourrecords.
Yours sincerely
Rohan Gye
Vehicles Service Manager
Unfortunately, it was one of those scams whose perpetrators will not answer (or receive at all) your communication – thus depriving you of the chance to mock them a bit. Anyway, I carried on and clicked one of the three links contained in the letter to see, out of curiosity, how the process of stealing their victims’ bank card details is designed.
After waiting for up to half a minute to load, I was first brought to this page:
They have, indeed, quite convincingly replicated the UK government’s website’s design. I didn’t know what a British vehicle’s registration number looks like, so I simply used their own example to log in.
Sure enough, it passed me on to the next page.
Hmm, I really want to believe that this red box with the X tick isn’t something taken from the real site’s design – shame. By the way, Dec 04 is the current date – No mercy at all? What happened of the advance warning? Anyhow, I really had to hurry up and tax my vehicle now.
Next came the personal details page:
And of course, it was followed by the bank card details page:
As for the card number, I first tried to input 16 random digits, but here they exhibited a tiny bit of more intelligence than their brains generally suffice for. I really wanted to get my payment through, so that I can enjoy the privilege of imagining their dumb faces while trying to withdraw the funds of what would probably be the first successful phishing in their scamming carreers – I really want to believe that that would be the case; I find it kind of personally insulting to think that such idiots may be indeed making any money whatsoever… Anyway, I confirmed, and my confirmation I got.
In a few seconds, I was redirected to the real gov.uk website’s homepage. It should have instead taken me to this scam reporting page.
