You are eligible to receive a tax disc refund pretending to come from DVLA <firstname.lastname@example.org> is a brand new phishing attempt to steal your Personal information, driving licence details and your Bank details. I have never previously seen one of these and definitely have never seen any phishing attempt that asks you to scan/photograph your driving licence and upload a copy of that.
This one wants your personal details, A copy of your driving licence to be uploaded and bank details. Many phishes are also designed to specifically steal your email, facebook and other social network log in details as well.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
The original email looks like this It will NEVER be a genuine email from DVLA or any other Government department or agency or any other company so don’t ever click the link in the email. If you do it will lead you to a website that looks at first glance like the genuine DVLA website but you can clearly see in the address bar, that it is fake. Some versions of similar phishes will ask you fill in the html ( webpage) form that comes attached to the email.
The link in the email, although looking like a genuine link https://www.taxdisc.direct.gov.uk/EvlPortalApp/tax-disc-refund/ID2803422 if you hover over the link you will see it actually goes to [DO NOT CLICK] http://www.nuclei.fr/.dvla/ where you are immediately forwarded to [DO NOT CLICK] http://www.baillysante.com/.dvla/90/
DVLA Driver and Vehicle License Agency Date: 19/February/2021
Dear customer, We are currrently upgrading our database and we found that you are eligible to recieve a refund from your last payment made on our behalf. A refund can be delayed for a variety of reasons. As example, for submitting invalid records or applying over the deadline.
To complete your refund application with us, you are required to fill out the form in the link below. https://www.taxdisc.direct.gov.uk/EvlPortalApp/tax-disc-refund/ID2803422 If you refuses to complete your application within two weeks of receiving this email will cause the lose the specified amount and you will take full responsabilty for that. We sincerely apologise for any inconviniences this might have caused you.
Thank you for your co-operation. (c) Driver and Vehicle Licensing Agency Swansea SA6 7JL
If you follow the link you see a webpage looking like:
After you upload a copy of your driving license you get a page looking like this, where the phishers try to validate your details to make sure that you are entering “genuine ” information. They make sure that the bank account numbers have the correct number of digits and that the name and date of birth is filled in
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straightforward attempt, like this one, to steal your personal, bank, credit card or email and social networking log-in details.
Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.