Tuesday, May 28, 2019

fake DVLA text message

hello

just one of those "public service announcement", trying to help out the people posts, look you see. by no means would i call myself an expert in this sort of thing, but then again as quite a few always appear to get duped by scammers and fake messages i felt it best to share what i know.

in this instance, then, we have (presumably) criminals trying to catch motorists off guard. they are doing this by sending out a text message claiming they are due a refund of an overpayment by the DVLA, also known as the car and driving licence people.

let me take you through this step by step, so you can see how this is a fake and also how to spot them in the future. most importantly, though, please DO NOT follow any of the links you see in this post or call any numbers. right, here we go with the text message itself.



how do i know this is fake? in this instance it was fairly easy. for a start the DVLA would not have had the mobile number this was sent to. secondly, a few years ago i was, weirdly, due a refund from them. they send a cheque in the post and do not ask you to visit any website. other than that, there's the poor grammar at the start, and the poor "please follow at" wording.

number one for spotting these as fakes is the web address. every - EVERY - official government department website would have "gov" in the domain name (address) at some point. this one does not, and as enthusiastic tax collectors i can assure you the DVLA are very much a government department.

rather than try and explain it all in words again (i have done several posts on this), i have taken to that most beloved of software, MS Paint, to create the following.



hopefully that makes some kind of sense. for words to explain, the actual address you would be visiting then is uk-refund-ref27. we will get on to them in a bit more detail just now, but let's concentrate on the address we have. yes, indeed, there's the "dvla" in the web address, so it looks like it is real. everything which preceeds a "." before the domain "." (.com, .co.uk or what have you) is a "subdomain". you can create absolutely anything you like for that, it's not registered anywhere and certainly not under any control.

for fun, then, i decided to investigate the main domain here. who knows, after all, maybe they (the government) has (have?) elected to outsource all their web stuff, but neglected to inform anyone. if this was the case, surely those doing it would be transparent and accountable......



oh dear. this domain is less than one week old at time of writing. quite new, then. well, it does only take a few minutes to set up a basic, rudimentary website.

they do seem quite reluctant, whoever registered this domain name, to say who they are. i decided to dig a little deeper then, but i must add dig in perfectly legal, open to all who use the net databases in order to see who owned or at least registered this address.



i don't know about you, but i can never ever get bored of reading redacted for privacy again and again on a computer screen. how fortunate, then, that the people who own this faked DVLA website address have opted to hide every single detail of their registration behind that particular phrase.

there are, of course, all sorts of legitimate reasons as to why someone who retain privacy for their website registration. under no circumstances could i think of why the DVLA, or any legitimate government department, would do such a thing. that would probably be because they do not.

every website has to be stored, or if you will "hosted" somewhere. so, for the sake of a complete look at this, i decided - again using freely available services, indexes and what have you on the web - to have a look at who hosted this website.



just fancy that! it seems the hosting company is just as secretive as the people who have registered this domain that they are hosting a fake DVLA website on. and what a surprise (as in no it is not really a surprise) this hosting domain, looking at the registered on date, is also very new.

so who is the hosting company? as all website hosting companies are always on the lookout for new business, they would not hide their details, would they? sure, of course they would.



yes, you are reading the above correctly. the servers hosting the web domain that has a fake DVLA web page on it are hiding behind a company that masks such detail, based in Panama. not really the sort of behaviour one would expect of the decidedly Swansea based actual DVLA.

hopefully this has been of some help to some of you. as for striking back at these criminal types, don't worry so much. i know of a few people, such as Codename : Demonix and Codename : Atari, that spend their spare time causing as much frustration and problems for these criminals as possible.

as i write this just to help, and with no advertising or any other such "revenue streams", please feel free to share this with anyone you think might benefit from knowing a bit more.


with the exception of sh!tbag criminals that set up scams like this,


be excellent to each other!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!





No comments:

Post a Comment