Royal Mail delivery or scam?

In this post, we highlight Royal Mail scams, which have rocketed in recent months with many victims having lost money.

Fraud of one kind or another has been around since the dawn of mankind. It requires opportunity, motive and rationalisation to take place, and this basic premise hasn’t changed.

Criminals will always find a way to justify their actions, but what has changed is the scale of availability of these elements. The motivation is different too, with the need for a sheep or cartwheel being replaced by pure greed. When it comes to opportunity, the internet provides access to millions of potential victims and a huge variety of ways to target them.

The COVID-19 pandemic has seen a massive surge in fraud, with many new types and variants appearing every week. Nobody’s immune, with fraudsters exploiting people’s fears for their and loved ones’ physical, mental and financial wellbeing. With so much going on and the massive changes in people’s lives, it’s no wonder that their online defences have slipped.

One of these big changes is how we purchase things, whether it’s our weekly shopping, DIY products or technology items. This shift to online purchasing has, of course, been accompanied by a massive upsurge in home deliveries, with a white (or red) van being encountered at every turn.

How the scams work

Over the years, we’ve all received fake emails informing us there’s a parcel awaiting delivery, requiring us to open the attached ‘delivery note’ or click on a link, or texts containing similar links. But the latest variation is a rash of texts purporting to come from Royal Mail. Cybersecurity company Check Point claims that March was the worst month for attacks, with Royal Mail-related cyber attacks reaching an average of 150 a week, a 645% increase over the previous two months! The report also highlighted over 138 malicious related websites containing forms urging users to submit confidential information.

Typically, the fake communications advise you that a parcel is due to be delivered, but there’s an additional fee (sometimes referred to as a ‘shipping fee’) which needs to be paid for before delivery can take place. The sender name or email address will normally include ‘Royal Mail’ and in the case of emails, feature the Royal Mail logo.

It’s easy to be hoodwinked. We all buy so much online now, we sometimes forget what’s due to be delivered and, more often, which courier will be delivering it. Again, seeing friends and booking holidays seem to be more important, don’t they?

There’s much more than £2.99 at stake

Typically, the texts and emails request payment of £1.99 or £2.99 to secure delivery. But if you fall for them, your loss could be far greater.

For example, one woman received a text claiming to be from Royal Mail, followed the link, and entered her details into a fake website. Later, she received a phone call claiming to be from her bank informing her that someone who had tried to set up direct debits on her accounts, and that her funds needed to be transferred urgently to another account. She agreed, and her money was gone in an instant.

The fraudster knew who she banked with from the information she’d entered on the fake website, but also seemed to know a lot more about her including her birthday and employment status. It’s possible that some of the information had been gleaned from one of her social media platforms, showing how criminals cleverly piece together information shared innocently, for their own ends.

Protect yourself

Our advice is very simple. If Royal Mail can’t deliver a package for any reason, they’ll put a grey card through your door, not send you an email or text. Nor would a bank call, text or email you to say that there were irregularities on your account resulting in the need to transfer money.

Advice on Royal Mail’s own website states:

  • Check at the top. Fraudsters often use subjects or greetings that are impersonal and general, like “Attention Royal Mail Customer”.
  • They may use a forged email address in the “from” field like “[email protected]
  • They may use the Royal Mail logo. None of this guarantees the email has come from us.
  • Scams often:
  • State there’s a parcel waiting to be collected
  • Ask for payment before an item can be released for delivery
  • Prompt you to open a link or document
  • Ask you to send a text message or call a phone premium rate phone number

As a general rule, don’t click on links or open attachments in unsolicited messages or emails, as they could be fraudulent. Some fraudsters are even know to spoof sender addresses, so they seem absolutely authentic. If in any doubt, call the actual organisation the communication claims to have come from, on the number you know to be correct. It may take a while to get through, but it’s better than having your bank account emptied.

Specifically to Royal Mail and other courier scams, always keep a record of what you’ve ordered online or over the phone – including delivery details. It’s good practice anyway, whether or not you’re targeted with a scam. Happy shopping!

In partnership with