A series of fake SMS text messages are being sent out to UK numbers that claim to be from the Royal Mail urging the recipient to click a link to pay a shipping fee.
Examples of these SMS text messages are below.
Royal Mail: Your package Has a £2.99 shipping Fee, to pay this now please visit LINK REDACTED. Your package will be returned if fee is unpaid.
Royal Mail: Your package has a £2.99 shipping fee, to pay this now visit LINK REDACTED. Actions will be taken if you do not pay this fee
Royal Mail: Your package is waiting for delivery. Please confirm the settlement of £1.99 on the following link: LINK REDACTED
Your parcel is being held at our depot due to an unpaid £2.70 shipping fee.
Please pay the fees before Tuesday, 23 March 2021 otherwise the parcel will be returned.
RoyalMail: Unfortunately Royal Mail ran into an issue when attempting your delivery. We have now incurred a £1.99 delivery fee. To have your delivery rescheduled visit us at LINK REDACTED
The text messages are scams designed to lure recipients to fake spoof websites that steal all information entered into them.
In the examples we examined the spoof websites asked for a visitor’s name and address as well as their credit card information and bank account and sort code number. All of this information – if entered – would be sent to the crook. And this is more than enough information to allow those crooks to make unauthorised payments from a visitor’s bank account as well as commit identity theft.
Some tips to avoiding these phishing scams –
The Royal Mail doesn’t send text messages demanding money. So if you get one, you know it’s a scam.
Don’t click on links in emails, Internet chat messages or text messages. These can lead to fake spoof websites. If you’re not sure if a message is real or not, open a web browser and go to the website of the company in question directly, without clicking the link.
If you do click a link, check the web address at the top of the webpage. The Royal Mail website is royalmail.com, and spoof websites may try to look like this but they can’t replicate it.
Never enter personal or financial information on a website that you arrived at after you clicked a link, be it in an email, online messages or text message.
Use security software on your computer which can detect known phishing websites and block them. Our recommendations are here.