Email and text messages direct you to very convincing fake websites
The UK’s Royal Mail has warned of a spate of text messages and emails which trick residents into handing over their bank details to fraudsters.
The scams come in various formats but they all have a common theme: your parcel couldn’t be delivered and you need to take action in order to get it.
Whether you receive and email or an SMS, you’ll be told that either you owe a small amount of money for customs fees or that you were out and a new delivery date needs to be arranged, again at a cost of a couple of pounds.
The messages always include a link to a website where you’ll find a more or less convincing fake version of the Royal Mail site. You’ll be asked to choose a new delivery date then enter your name, address and even date of birth, followed by your payment information.
If you’re expecting a package, the scam is easy to fall for if you don’t stop and check the details. If you enter your card or bank details on a fake site, it won't just be £2.10 you lose: the criminals will probably empty your account.
A spokesperson said, “Royal Mail will only send email and SMS notifications to customers where the sender has requested this when using our trackable products that offer this service. The only time we would ask customers to make a payment in an email or SMS is if a customs fee is due.”
This is why some of the fake messages are clever: Royal Mail does ask for payment in some of these cases.
It doesn’t, however charge for redelivery: you’ll usually get a ‘We missed you’ note through the door telling you where and when you can collect your parcel.
If a customs fee is due, you’ll also get a grey slip through your door telling you as much, but the email or SMS might arrive before the piece of paper does.
How to tell if the message is a scam
1. Is the greeting impersonal?
Since the scammers don’t usually know who you are, the messages are typically impersonal and don’t address you by name. They’ll say ‘Dear Customer,’ or simply ‘Your package could not be delivered’.
2. Is the address of the website correct?
Even fake websites can have the proper security and get a padlock symbol, but won’t have the correct address. The real website is royalmail.com and the www could be replaced by something else such as personal.help.royalmail.com – this is still the legitimate site.
Fake sites will have royalmail somewhere in the URL but cannot end in royalmail.com. For example the SMS shown at the top of this article links to royalmail-parcel-gb.com which at a glance sounds right, but is a scam.
3. Does the message contain typos or poor grammar?
Look for poor grammar or errors. The same SMS begins ‘RoyalMail:’ which is a dead giveaway: the real name has two separate words. Then, the message is poorly written with commas separating what should be three separate sentences: “Sorry we missed you earlier, we have your parcel, to book a redelivery follow the link”.
4. Is the tracking number genuine?
If there’s a tracking number included, check it’s genuine. Browse to https://www.royalmail.com/track-your-item/ (type it in yourself, or search for ‘track Royal Mail’) and enter the number. Chances are, it won’t be found at all, or won’t show the correct address.
The same advice applies to all messages you receive, however you get them. Even if it sounds genuine, before typing in any personal information and certainly any payment details, check and double-check that the company in question has really asked for this and that you’re on the genuine website.
Antivirus software can help, too, and the best will warn you when you click on dangerous links that the site you’re about to visit could be a fake.
You should consider running antivirus software on all your devices for this reason: not just your PC or laptop, but your phone and tablet too.
The official Royal Mail website has more examples of scam emails and messages, and also allows you to report any scams sent to you.