is doing the rounds online which could see motorists dupedAttack.Phishinginto entering sensitive information and being ripped off by criminals . Here ’ s what to do if you receive this message . DVLA car tax scam are not a new thing and every couple of months a new one does the rounds . Criminals pose asAttack.Phishingthe Driver and Vehicle Licensing Agency in a bid to extort motorists of their cash by requesting this bank details . These crooks usually try to achieve this by threatening a monetary punishment of some sort or in other cases by stating that the driver is entitled to a refund . The problem for some motorists could fallAttack.Phishingfor the fraudulent messages especially as they often look fairly professional and can even contain the logo of the DVLA Motorists Jason Price , however , was not fooledAttack.Phishingby the latest attempt by fraudsters trying to get him to hand over his details . Mr Price tweeted a link to the email that he receivedAttack.Phishingfrom the criminal pretending to beAttack.Phishingthe DVLA . The subject of the email is “ You are not up-to-date with your vehicle tax ” followed by a bogus item reference number , which presumably is to , in some way , make the email seem more legitimate . The contents of the email claim that the driver is not up to date with their vehicle tax and states that this is their ‘ last chance ’ to pay the remainder of the fee . It reads : “ Our records show that you are not up-to-date with your vehicle tax . “ This is a reminder ( V11 ) and a ‘ last chance ’ warning letter from us . “ Tax your car , motorcycle or other vehicle today to avoid unpleasant consequences . “ You must tax your vehicle even if you don ’ t have to pay anything , for example if you ’ re exempt because you ’ re disabled . “ You ’ ll need to meet all the legal obligations for drivers before you can drive. ” It also states that “ You can be fined up to £1,000 if you do not renew your car tax ” The DVLA has issued numerous warnings to customers in the past about how it will never contact the motorist in this way . “ # SCAM WARNING : We 're reminding customers that the only official place to find our services and information is on http : //GOV.UK “ Cyber scams are common so we want to help our customers to spot fraudulent activity. ” If you receive an email or message like this you should either report it or instantly delete it and not click the link in the message . If you ’ re unsure on the validity of a message then you can ring the licensing agency .
Google has stopped Wednesday ’ s clever email phishing schemeAttack.Phishing, but the attack may very well make a comeback . One security researcher has already managed to replicate it , even as Google is trying to protect users from such attacks . “ It looks exactly likeAttack.Phishingthe original spoofAttack.Phishing, ” said Matt Austin , director of security research at Contrast Security . The phishing schemeAttack.Phishing-- which may have circulatedAttack.Phishingto 1 million Gmail users -- is particularly effective because it fooledAttack.Phishingusers with a dummy app that looked likeAttack.PhishingGoogle Docs . Recipients who receivedAttack.Phishingthe email were invited to click a blue box that said “ Open in Docs. ” Those who did were brought to an actual Google account page that asks them to handover Gmail access to the dummy app . While foolingAttack.Phishingusers with spoofed emails is nothing new , Wednesday ’ s attack involved an actual third-party app made with real Google processes . The company ’ s developer platform can enable anyone to create web-based apps . In this case , the culprit chose to name the app “ Google Docs ” in an effort to trickAttack.Phishingusers . The search company has shut down the attack by removing the app . It ’ s also barred other developers from using “ Google ” in naming their third-party apps . More traditional phishing email schemesAttack.Phishingcan strike by trickingAttack.Phishingusers into giving up their login credentials . However , Wednesday ’ s attack takes a different approach and abuses what ’ s known as the OAuth protocol , a convenient way for internet accounts to link with third-party applications . Through OAuth , users don ’ t have to hand over any password information . They instead grant permission so that one third-party app can connect to their internet account , at say , Google , Facebook or Twitter . But like any technology , OAuth can be exploited . Back in 2011 , one developer even warned that the protocol could be used in a phishing attackAttack.Phishingwith apps that impersonateAttack.PhishingGoogle services . Nevertheless , OAuth has become a popular standard used across IT . CloudLock has found that over 276,000 apps use the protocol through services like Google , Facebook and Microsoft Office 365 . For instance , the dummy Google Docs app was registered to a developer at eugene.pupov @ gmail.com -- a red flag that the product wasn ’ t real . However , the dummy app still managed to foolAttack.Phishingusers because Google ’ s own account permission page never plainly listed the developer ’ s information , unless the user clicks the page to find out , Parecki said . “ I was surprised Google didn ’ t show much identifying information with these apps , ” he said . “ It ’ s a great example of what can go wrong. ” Rather than hide those details , all of it should be shown to users , Parecki said . Austin agreed , and said apps that ask for permission to Gmail should include a more blatant warning over what the user is handing over . “ I ’ m not on the OAuth hate bandwagon yet . I do see it as valuable , ” Austin said . “ But there are some risks with it. ” Fortunately , Google was able to quickly foil Wednesday ’ s attack , and is introducing “ anti-abuse systems ” to prevent it from happening again . Users who might have been affected can do a Google security checkup to review what apps are connected to their accounts . The company ’ s Gmail Android app is also introducing a new security feature to warn users about possible phishing attemptsAttack.Phishing. It 's temptingAttack.Phishingto install apps and assume they 're safe . But users and businesses need to be careful when linking accounts to third-party apps , which might be asking for more access than they need , Cloudlock 's Kaya said . `` Hackers have a headstart exploiting this attack , '' she said . `` All companies need to be thinking about this . ''