There’s been a resurgence in fake Hermes texts trying to lure you into bank transfer scams. Here’s how fraudsters have been changing their tactics to try to catch you out.
Text message scammers ultimately want to get hold of your details, including who you bank with, so they can later call you pretending to be that bank. They usually warn victims that their account has been compromised, persuading them to send their money to a new ‘safe account.’ But this is all a lie.
Scam texts claiming to be from delivery company Hermes have been circulating for a long time, but recently the scammers behind them have been trying to make their attempts to con you more convincing – here’s how:
Fake Hermes text tactics
These scams start out as a text message saying you’ve either missed a delivery or there’s a fee to pay for a parcel. They include a link that takes you through to enter details or make a small payment.
But Hermes never asks for payments via text – it only sends links that let you view parcel tracking.
Customers have wised up to this, so scammers are now including other details in the message to mimic real Hermes texts, and offer links to ‘track’ a parcel.
Some now include an estimated time of delivery and the names of big retailers, sometimes followed up shortly after with a fake missed delivery notification from the same number.
The links included take you through to copycat Hermes websites.
The masked SenderID
Scam texts can often be spotted because they’re usually sent by an unknown mobile number, rather than a named SenderID (such as ‘Hermes’).
In theory, these names should be protected by the phone network so they can’t be used fraudulently, but fraudsters have found a way to mask or ‘spoof’ Hermes’ name. We’ve seen fake texts drop into the same conversation thread as real text alerts from Hermes, making them more believable.
The first and third texts are genuinely from Hermes. The middle one (highlighted) is fake.
The cloned websites
Fake messages are linking to increasingly sophisticated copycat websites that look just like the real thing. Instead of asking for payment upfront, this clone site cleverly takes details from you, piece by piece, to ‘locate’ your parcel.
Only after you’ve handed over your address, number, and other personal information does the site warn there’s an outstanding fee to pay. By this time, a lot of victims have told us they’ve realised something’s not right, but have already given away sensitive details.
Scammers can still use these details to target people with more scams, possibly with phone spoofing scams where they pretend to be calling from your bank.
If you think you’ve given away your bank details, contact your bank immediately via its official channels and tell it what’s happened.
Staying safe from evolving scams
The number one piece of advice for avoiding being scammed: avoid following any links you’re sent in text messages. Even if:
🔹 The SenderID appears to be real
🔹 It’s asking you to update payment information urgently
🔹 It threatens a service or order will be cancelled
🔹 You’re curious about having had something delivered
Contact the organisation or company the message claims to be from directly to check the details if you’re not sure.
Hermes says it’s keen to protect customers from these scams. It’s put warnings across its website and offers advice on avoiding phishing attempts using its brand. Its Chief Information Security Officer said:
“We take this very seriously and want to play our part in protecting the UK public as well as our customers, as we’ve seen that this issue has increased significantly since the start of the COVID-19 pandemic. Hermes has implemented and invested in multiple detect and response measures that we continuously monitor.”
Forward scam texts you receive to 7726
You can share suspicious texts with your network provider by forwarding them to 7726 (spells SPAM on the keyboard). Cloned sites should be reported to the National Cyber Security Centre on firstname.lastname@example.org
You can also report these sites to the domain host, which can take steps to shut them down. You can find out which company hosts a website by putting the site’s URL into a Whois search.
Have you received these fake Hermes text messages? Were you sent on to a cloned website? Let us know in the comments, and do help warn your friends and family.