People are being warned about a malicious phishing scam that appears to be a text message from Royal Mail.
The text message arrives out of the blue and claims to be about a package that is about to be delivered.
The message says, "Your Royal Mail parcel is awaiting delivery. Please confirm the settlement of 1.99 (GBP) on the following link".
The link will then take you to something that looks like a Royal Mail website, but is actually a highly sophisticated copycat website that’s been set up by cybercriminals.
The website then asks you to pay the small fee and input your personal and banking details, which the fraudsters can then use to steal your identity and your cash.
Worryingly, reports on social media suggest this could actually be the first stage of an even bigger scam, one that could have a serious impact on your finances.
Twitter user @EmmelineHartley posted a detailed account of her experience with this scam - and it makes for difficult reading.
After falling victim to the original text scam, she was then telephoned by a man claiming to be from her bank, who asked her if she had potentially fallen victim to a phishing scam.
He provided her with numerous personal details, which she had unwittingly given to the criminals running the fake Royal Mail site. What made it more believable was that he appeared to be calling from an official phone number (scammers can even fake official numbers - this is known as ‘spoofing’). So, Emmeline was convinced that her entire account was in danger, and she was prompted to move all her money into a ‘safe’ account. This was actually the scammers account.
Unfortunately Emmeline realised it was a scam at the last minute. But by then it was too late - her entire bank account had been cleared out.
I mentioned yesterday that I’d been scammed out of every penny I had. Thought I’d post what happened in case it helps anyone avoid being in the same position. Please save the lectures, I don’t think it’s possible for me to feel any stupider 🤦🏻♀️ #royalmailscam #safeaccountscam pic.twitter.com/YRrh8W6uje
— Emmeline Hartley (@EmmelineHartley) March 21, 2021
Experienced scammers use subtle psychological tactics and sophisticated tech to trick even savvy people into handing over their cash.
Another Twitter user, @BushidoToken, posted screenshots of the fake Royal Mail website to highlight how convincing it is.
#Phishing as #RoyalMail campaign continues to grow significantly, one of the largest spam campaigns targeting the UK 🇬🇧 right now.
— Will | Bushido (@BushidoToken) March 22, 2021
99% hosted on one ASN - you'll never guess who 🧐
Track them via @urlscanio here: https://t.co/z7xbUqUVMZ pic.twitter.com/pqWocPoMMA
Royal Mail has said that it would never ask for payment through a text message, and that this particular scam seems to have started circulating in February, originally via email.
It’s incredibly important to be wary of messages out of the blue asking for money or asking you to click links. While these scams can be highly sophisticated, there are often red flags that you should look out for.
If you’re being asked to click on a link, check the URL to see how closely it matches the official address of the site it’s claiming to be. If it is a hyperlinked button or text, you can right-click the link and copy the link address into an offline document.
Be wary of sites that ask for too many personal or banking details, such as date of birth, account number, or sort code. These details are not needed to make small payments.
If you get a phone call from someone claiming to be from a bank and something doesn’t feel right, hang up, get the official phone number from the bank’s website and ring back yourself a few minutes later.
A bank will never ask you to move your money into another account via a bank transfer. This will always be a scam.
Speaking to the BBC, Katherine Hart, from the Chartered Trading Standards Institute, said: "This delivery scam is yet another example of fraudsters attempting to make money out of the unsuspecting public. Due to the lockdowns, many millions of people rely on product deliveries, so scammers have focused their efforts on this theme.
"Also, the public must also be aware that these types of scams may come in many forms, and scammers do not only use Royal Mail branding. Indeed, in January, I commented on a similar scam that used DPD branding.
"These types of scams come in many forms, not just via text but also in emails and through the phone."
