Our system has identified that your vehicle tax will be due on Saturday, 06
December, 2025.
To ensure that your vehicle remains legally paid and complies with applicable traffic regulations, you are required to complete the renewal process before the due date
[Update Now]
Thank you for keeping your vehicle tax up to date and for helping us maintain safe and legal roads across the UK.
————
I own a car, and the DVLA and vehicle tax are real things, so my immediate reaction to this was “Is this a genuine message?” It wasn’t, of course. But the scam email got me wondering: are the sort of people who fall for such things also the sort who think that the LLMs they talk to are people?
Another contributing factor might be a person’s level of anxiety about the DVLA, or government, or email, or “the system”. When people are anxious about what “the system” might do to them, and prepared for it to make novel demands upon them, that primes them to be scammable.
A different example: If you want to phish an office-worker, one way to do it is to pretend to be their boss and make sudden urgent demands of them. If the office-worker fears that they will be fired if they don’t comply with novel demands from their boss, then they are primed to be scammable. Workers who feel unsafe questioning “their boss’s” orders will be more scammable than workers who feel safe calling bullshit on their actual boss once in a while.
Sure, but the boss can go wrong by creating an incentive structure in which questioning a message “from the boss” is unsafe.
Successful anti-phishing campaigns instill not only doubt (“Is this actually from the boss?”) but also permission to act on that doubt (“I’ve got the boss’s cell phone number already; when I’m not sure if the message is from the boss, I’m supposed to call the boss and check, with no chance of bad consequences for pestering her.”)
Yesterday I received this email:
————
Driver & Vehicle Licensing Agency
Dear Vehicle Owner,
Our system has identified that your vehicle tax will be due on Saturday, 06 December, 2025.
To ensure that your vehicle remains legally paid and complies with applicable traffic regulations, you are required to complete the renewal process before the due date
[Update Now]
Thank you for keeping your vehicle tax up to date and for helping us maintain safe and legal roads across the UK.
————
I own a car, and the DVLA and vehicle tax are real things, so my immediate reaction to this was “Is this a genuine message?” It wasn’t, of course. But the scam email got me wondering: are the sort of people who fall for such things also the sort who think that the LLMs they talk to are people?
Another contributing factor might be a person’s level of anxiety about the DVLA, or government, or email, or “the system”. When people are anxious about what “the system” might do to them, and prepared for it to make novel demands upon them, that primes them to be scammable.
A different example: If you want to phish an office-worker, one way to do it is to pretend to be their boss and make sudden urgent demands of them. If the office-worker fears that they will be fired if they don’t comply with novel demands from their boss, then they are primed to be scammable. Workers who feel unsafe questioning “their boss’s” orders will be more scammable than workers who feel safe calling bullshit on their actual boss once in a while.
The office worker has gone wrong already by panicking and failing to ask, “Is this actually from the boss?”
Always be asking “What am I looking at?”
Sure, but the boss can go wrong by creating an incentive structure in which questioning a message “from the boss” is unsafe.
Successful anti-phishing campaigns instill not only doubt (“Is this actually from the boss?”) but also permission to act on that doubt (“I’ve got the boss’s cell phone number already; when I’m not sure if the message is from the boss, I’m supposed to call the boss and check, with no chance of bad consequences for pestering her.”)