
Scam alert: fake texts, calls and a cloned Royal Mail site

Fraudsters attempted to wipe out a victim’s entire bank balance by setting up a clone Royal Mail website. Here’s how the scam worked and how it was stopped.

It started with a text, apparently from ‘Royal Mail’, claiming that a parcel was being held due to an unpaid shipping fee.

As Which? member Richard regularly exchanges parcels with family members who live abroad – and import and customs fees have increased following Brexit – this fake was particularly convincing.

The link in this text is disguised to look as though it points to the genuine royalmail.com website. This is done by capitalising the letter ‘I’ so that it appears to be a lower-case ‘L’. The link is therefore actually ‘royaimaii.com’, which redirected Richard to a slick phishing website.
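As an added example (not code from Which? or Royal Mail), the capital-‘I’ disguise described above can be caught by comparing how a link looks on screen with the name it actually resolves to. The confusables table, the result labels and the `.example` sample link are assumptions made for illustration, and the check goes slightly beyond the text by also folding the digits 1 and 0.

```python
from urllib.parse import urlsplit

# Domains to protect. Only royalmail.com comes from the article.
PROTECTED = ["royalmail.com"]

# Characters that render like another letter in common sans-serif fonts.
# Assumption: a small hand-picked table for this example; Unicode UTS #39
# publishes the full confusables data a production check should use.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})


def displayed_host(link: str) -> str:
    """Host exactly as written in the message (case kept), minus userinfo and port."""
    if "//" not in link:
        link = "//" + link  # make urlsplit treat a bare "host/path" as a network location
    netloc = urlsplit(link).netloc
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0].rstrip(".")


def skeleton(host: str) -> str:
    """Fold look-alike characters first, then lower-case.

    Order matters: DNS ignores case, so lower-casing first would turn the
    capital 'I' into 'i' and hide the very substitution being looked for.
    """
    return host.translate(CONFUSABLES).lower()


def classify(link: str, protected=PROTECTED) -> str:
    shown = displayed_host(link)
    real = shown.lower()  # the name DNS will actually resolve
    if any(real == d or real.endswith("." + d) for d in protected):
        return "official"
    seen = skeleton(shown)  # the name as the reader's eye perceives it
    targets = [skeleton(d) for d in protected]
    if any(seen == t or seen.endswith("." + t) for t in targets):
        return "lookalike"
    # Brand name used as a label under a domain the brand does not own.
    if any(t.split(".")[0] in seen.replace("-", "") for t in targets):
        return "brand-in-other-domain"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://royaImaiI.com/fee",                  # the disguise described in the article
        "https://www.royalmail.com/scamprotection",   # genuine address quoted in the article
        "royalmail.com.parcel-fee.example/pay",       # constructed sample
        "http://roya1mai1.com",                       # constructed sample (digit 1 for l)
    ]
    for s in samples:
        print(f"{classify(s):22} {s}")
```

A link is only reported as `official` when the resolved host is the protected domain or one of its subdomains; everything that merely looks like it is flagged.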


A lucky escape from a perfectly timed scam call

Richard entered his contact details, date of birth and debit card details on this Royal Mail clone.

The thief attempted to spend £1 using the stolen card details. Fortunately, his bank declined this payment (noting that it originated from an unusual device) and contacted Richard before immediately cancelling the card. 

But the scammers weren’t finished with their con.

The next day, they phoned Richard claiming to be his bank’s fraud team. Thanks to cheap number spoofing technology, his mobile phone identified the call as being from ‘First Direct’. 

The scammer pretended to be calling to follow up about the fraudulent card transaction, aware by now that the card had been cancelled. Understandably convinced that he was speaking to the bank, Richard initially followed the instructions – to protect his current account by logging into online banking and setting up a new sort code and account number.

The scam caller then asked him to transfer his balance to the new ‘secure’ account, which thankfully rang alarm bells. Richard told us:

“At this stage the penny finally dropped and I told him I would prefer to call the bank myself to make sure that this was a legitimate exercise. He became very insistent and, essentially, tried to make me feel very guilty for wasting the bank’s time when they had called me to protect my money. When I asked him how I could be sure this was a genuine call he told me to look at the caller ID on my phone”

Fortunately, Richard stood his ground and called the genuine First Direct fraud team, who confirmed that this was a scam. Which? reported the fake text and phishing website to both Royal Mail and the National Cyber Security Centre (NCSC). We also advised Richard to sign up for Cifas (£25 for two years) to protect against identity fraud.

How to spot genuine Royal Mail communication

A Royal Mail spokesperson told us:

“Royal Mail will only send email and SMS notifications to customers in cases where the sender has requested this when using our trackable products that offer this service.

The only time we would ask customers to make a payment by email or by SMS is in instances where a customs fee is due. In such cases, we would also leave a grey card telling customers that there’s a Fee to Pay before we can release the item. This would apply either to an international customs fee or to a surcharge for an underpaid item. This card may arrive later than the email or SMS. Royal Mail Group works hard to prevent and detect fraud.

We work with UK law enforcement agencies, Trading Standards and other organisations to share information and support robust proactive action against scams. Customers looking for advice on how to spot a fake notification should visit www.royalmail.com/scamprotection. Here they can view examples of current scams, and get advice on appropriate action.”

Is it really your bank calling?

As this example proves, scammers can use number spoofing software to display false caller-ID information and trick you into thinking that their number belongs to your bank or another legitimate business.  

Which? is also aware that many scam callers will attempt to trick you into installing remote access software to ‘fix’ a spurious problem. This software is used by legitimate businesses – including the Which? Tech Support team and many IT support firms – but criminals abuse these tools to hack into email and bank accounts. 

Call-blocking services and phones offer some respite from unwanted calls. But the easiest way to stay safe is to hang up and call back on a phone number you trust, such as the one on the back of your debit or credit card.  

If you fall victim to fraud, contact your bank immediately and follow our step guide to getting your money back.

Have you had an experience of this Royal Mail scam? Let us know in the comments and, as always, help us warn friends and family.


Comments

MOG I got a message about this Rail Mail scam this morning 22/5/21 so thank you for all the things you have put up on here

Barbara says:
24 May 2021

I’ve been told that I’ve won Apple 12 by Tesco. But it wants a £1.00 is this a scam???

Hi Barbara, this is a scam text that has been going around for some time now. You can find out more details here – https://www.tesco.com/help/privacy-and-cookies/privacy-centre/stay-safe-online/social-media-scams/

If you would like some guidance on how to report the scam please see this page from our site – https://www.which.co.uk/consumer-rights/advice/how-to-report-a-scam-aG3sH5L8tjeP

Hope this helps.

At last!

“Eight arrests in Royal Mail text scam investigation” –
https://www.bbc.co.uk/news/uk-england-57226704

Thanks John, that is good news. I wonder if there will be any arrests in the sub-postmasters’ scandal where innocent people were bankrupted, fined, sent to prison and, I believe, resulted in suicide. When incompetent intransigent people cause gross harm to others they should be dealt with severely.

What I found very perplexing about the Post Office scandal [involving the Fujitsu Horizon sub-post office management system] was how the senior management of the Post Office persisted in believing – and wouldn’t be persuaded otherwise – that hundreds of hitherto honest, trustworthy and loyal sub-postmasters and mistresses suddenly and simultaneously became embezzling criminals. The top management, as well as many in the lower executive levels, blindly accepted that the system was fool-proof, properly implemented, equipped with perfect software for the purpose, and was diligently maintained, when all the evidence opposed that contention.

I am hoping that fair compensation will be awarded by the courts to all who were arraigned on false charges, wrongly convicted, imprisoned and substantially penalised, with their reputations destroyed and unable to work again in professional capacities. Despite the relatively poor rewards for operating a sub-post office there are very few cases of financial defalcation since it is an extremely heavily audited activity. For many of the postmasters and mistresses it is a vocation in the service of the public, meeting the needs of a local community. Many worked long into the night to wrestle with the incorrect transactions records of the Horizon system and have made up wrongly-recorded shortfalls out of their own pockets. Nervous breakdowns, family break-ups, suicides, and deep psychological harms, plus the stress of the legal fight to clear their names and recoup the financial losses, are just some of the consequences.

So far as I am aware, no one in the Post Office management has yet been held responsible. During the period in question, the chief executive of the Post Office, Paula Vennells, received remuneration benefits of £4.9m and was honoured with a CBE. Her ruthless policy of aggressive prosecution was supported at the highest level by the then chairman and other directors and other members of the executive management team. I really hope justice is done on behalf of all the people who were wrongly and viciously impugned.

I understand that since departing from the Post Office, Mrs Vennells became a priest in the Church of England but, in the light of the High Court judgment exonerating the appellants [and not a moment prior], has decided to step aside from her pastoral roles.

I received a text saying your sports direct parcel is out for delivery today. Track or divert http://www. Sonivozarcom/meg719.php?pgchejwvn. I didn’t order anything is it a scam

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot a fraudulent website.]

You’d be right to treat it as suspicious Irene, given that you didn’t order anything, and that the URL provided doesn’t point to either Sports Direct or to a delivery tracking company.

You can report this by either contacting your mobile phone provider, or by forwarding it to 7726. Full details in our guide: https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-messaging-scam-at2fR9B2E85g

Julie says:
27 May 2021

Yes I got one of these links the other week and even before that I had been getting texts which looked like they were from the bank and weren’t. I also had a call saying it was the bank fraud team. He was very convincing initially cos they are careful not to ask you for any personal details particularly, but then what was really dodgy was they sent me a text wanting me to confirm a transaction and told me it was to put money “back into my account” £800 that had left it and that whilst he was talking to me he could see that someone was trying to trf £1500 and wanted to take me through “level 3 security” a bit like your story above so I refused and also insisted that I would call the bank directly and only then would I talk to them and they put the phone down on me. I did call the bank and they cancelled my card and checked everything was ok but they could see an attempt had been made on a transaction which was the one I refused to confirm on the text for them.

Have also had the HMRC phone call a few times which says you are the subject of a tax fraud and if you don’t make a payment immediately the police will come and arrest you. I just put the phone down and I did report that on to HMRC.

Just received this text
I received a text telling me a parcel has been returned to local depot 27/05/21. Follow steps on line to royal mail.co.ukpostals.com
The phone no was +447726301809
What should I do

Anna – You should ignore it and delete the text. The internet address is false and not Royal Mail’s. The originating phone number is probably spoofed as well. This is a scam which can lead to devastating consequences if you give any information to the fraudsters who are behind it.

If you have read the comments in this Conversation you will have seen that the Royal Mail do not operate in this way.

1. They collect the postage from the sender.

2. If they cannot deliver for any reason [e.g. size, weight, signature required] they leave a card so you can arrange redelivery.

3. They do not have people’s phone numbers.

Are you expecting a parcel? If so, check with the sender to see whether it has been despatched and which company is carrying it, and then track it yourself through their website.

Hi Anna – You can forward the text to 7726, as recommended by Which? https://www.which.co.uk/consumer-rights/advice/how-to-deal-with-spam-text-messages-axsG54B0mH0H

If the originator is unknown what might this achieve?

I am baffled to know what forwarding a text message to 7726 or reporting an e-mail scam to Action Fraud achieves other than a higher number of reports. Do they cross reference them to locations, times of day, origins of source? What do they do about duplications of identical reports? Is this the best use of crime prevention resources?

From the Action Fraud website:

“The National Cyber Security Centre (NCSC) will analyse the suspect email and any websites it links to. They’ll use any additional information you’ve provided to look for and monitor suspicious activity.

If they discover activity that they believe is malicious, they may:

seek to block the address the email came from, so it can no longer send emails
work with hosting companies to remove links to malicious websites
raise awareness of commonly reported suspicious emails and methods used (via partners)”. Presumably this will also apply to text messages.

I presume that these reports are processed by computer. Multiple reports from different sources could, for example, help distinguish between a malicious website and a genuine one that is being targeted by individuals and groups.

Action Fraud comes in for a great deal of criticism because it does not help individuals recover their money. That is not its purpose, as is made clear on its website.

How much reliance do we place on this? “Exclusive: scam victims ignored by police fraud reporting system Action Fraud branded ‘unfit for purpose’ by the very police officers who rely on it.”

Read more: https://www.which.co.uk/news/2019/09/exclusive-scam-victims-ignored-by-police-fraud-reporting-system/ – Which?

You would be forgiven for thinking “why bother”, especially when you have no useful information on the fraudster, as is probably the case in the above attempted fraud.

Until we have a government that is prepared to invest in tackling fraud more effectively I am not optimistic that any progress will be made. I highlighted the example of scam websites where it is easy to have them removed promptly with the cooperation of the hosting service.

I have personal experience of a web hosting service taking very prompt action when I notified them that a website had been hacked. As I mentioned it is vital to be certain that a website is malicious because there are many who target genuine websites in various ways.

Progress can be made by informing us better about fraud and the precautions we should take. That would help those receptive to information.

Removing the sources of fraud seems very difficult as they are so disparate and often outside our jurisdiction. The internet had made them so easy to reach the more vulnerable.

I guess that only when fraud has already been committed will a site be informed and, hopefully, remove the source, but probably only temporarily before it pops up again under a new guise. It is only a part of the answer. I doubt there is a complete answer so we must continue to be cautious in our affairs.

If only someone had a magic wand…..

In order to set up a new website, genuine or malicious, you need a domain name that has not been used or reserved and in most cases a hosting service for your site. Some internet service providers allow customers to set up their own website, and I did this for years until my site became too large for the webspace allocation.

Perhaps there is a case for those setting up new sites for commercial use to pay towards monitoring for fraudulent activity for a period (e.g. a year) or to pay a large deposit that could be lost if fraud has been detected.

Informing us of risks is simply not enough.

“Informing us of risks is simply not enough.” I was not suggesting it was enough but that it was a part of the process. Progress can be made by informing us better.

Let’s agree on the benefits of informing us better, Malcolm.

Here I have pointed out how easy it is to set up a website that could potentially be used for fraudulent purposes. What action should be taken?

We have scammers who manage to secure bank accounts and card services and use these facilities for fraud. What action should be taken?

I have suggested flagging up the less diligent banks as a warning. Should we pursue that? There is clearly not a single answer so we need to work on several fronts. Maybe others could be suggested? Maybe Which? could chip in?

Do you think our government should be doing more to tackle fraud, Malcolm? I’m happy to draw attention to banks that are not diligent.

“Something should be done”. But what should the government do? Let’s have some suggestions that are specific so we can examine a fruitful way forward.

I have suggested that there might be scope to tackle the problems that scammers are able to set up fraudulent websites and obtain bank accounts, etc. That would need to be driven by government and if Action Fraud is to achieve more, that will need government funding.

Wavechange – Thanks for the information about the functions ActionFraud performs. Unfortunately I am no closer to understanding what the organisation is achieving.

Functionally, it presumably fulfils its role as the national reporting centre for fraud and cybercrime and collects and digests the reports received, but like many public organisations it is long on inputs and short on outputs.

It would be interesting to know what ActionFraud thinks the number of reported frauds and cybercrimes represents as a percentage of the total number, and whether more reports would make their detection and prosecution any easier.

Frauds and scam attempts are rampant right now and many people probably don’t think there is much point in reporting them since it would merely raise the unsolved crimes statistic.

I think it is widely recognised, including by the police themselves, that their training, tactics, aptitude, and resources are not suited to the task of shutting down fraud. It doesn’t involve car chases, dogs, armour, and physical force. I think a completely new type of unit is required with a different culture, educational background, and methodology. Shadowing intellectual criminals could be a very rewarding occupation for someone with the right qualities and insights, and it doesn’t need physical fitness, a minimum height, and steel toe-capped footwear. The CID could be the pathfinder for it but their officers tend to come from the uniformed branches.

I presume it is not just we Brits who are subjected to fraudulent activity? If it is international then we need an international response. Just thinking our government will have a magic answer is not understanding the problem, I suggest. It is an issue of international banking, finance, the internet among others. We are, I expect, just one fish in this pond. What are Which? doing with their international counterparts, including those under the BEUC umbrella?

John – I don’t know either. I explained that it is easy to take down a fraudulent website with cooperation and the need for caution to ensure that innocent companies are not victims of such action. I do not know how to tackle fraud in general because I have no specialist knowledge.

I do not see any point in reporting well known scams but I would report a new one.

It has been suggested that those opening new bank accounts should keep a substantial deposit so that, in the event of fraud being detected, the funds would be there to repay the defrauded party. As “life-changing sums” are said to be involved such security deposits would need to be very large to be effective. How many of us would be able to open accounts if that were the requirement, including those opening new businesses?

If it were practical it may be that organisations would act as guarantors for a fee, rather like insurers, who would provide the security and cough up if their client proved to be less than honest. It will all add to the financial sector’s coffers. I doubt we need to go to those lengths.

It might help if we identified those banks where fraudsters’ accounts have been largely opened. A warning could be automatically provided if you were being asked to send a payment to one of those banks. Consenting to the transfer subsequently would be at some risk.

I’m not sure of the details without looking them up, but I have to meet certain conditions if I want to avoid fees on my First Direct bank account. The account has to be active i.e. regular payments going in and out plus maybe maintain a balance of over £1000.

Perhaps if more banks required customers to keep a certain balance in their account it could help them be better prepared for unexpected expenditure. I have sympathy for those who get into debt because of unemployment or illness, but there are many with a steady income who through overdrafts and credit cards manage to live beyond their means for years.

While the bank may suggest customers do this we need to accept responsibility for our own financial situations, and learn how to do that. The banks could help with that education.

What I would like banks to offer is a range of accounts with facilities tailored to their customers’ abilities, but voluntarily. Although misuse or irresponsible use of an account, a sign that the account holder may be struggling to resist fraud for example, could trigger restrictions, both in the customer’s interests and to protect the bank from compensation claims.

I would suggest that people keeping a large deposit available as a contingency in case of fraud should keep it in a different account with a different bank or institution. If it’s in the bank that is plundered then it will go the same way as the rest of the customer’s funds. Fraudsters take the lot; they don’t leave a sum behind as a goodwill gesture.

The special fund would need to be fairly liquid which means it won’t earn much interest and I doubt if many people would be able to set aside the sort of amount required to replace their life savings. Some form of insurance arrangement might be worth exploring.

Probable Scam involving CURRYS PC WORLD REWARDS

I received an E-Mail dated June 8, 2021, purporting to be from, or on behalf of, Currys PC World Rewards. This informs me that an E-Wallet existing in my name has 119,550 points left in it, and that it is ‘resetting in two days’ (i.e, by today June 10).

I know nothing about such an ‘E-Wallet’. The E-Mail is so vague that it gives no details of the actual address for this company, the Sender is merely shown as ‘Information’, the E-Mail address looks highly suspect, and the closing “High five” remark instead of “Yours sincerely” (or similar) is not what you would expect from a well-known, reputable company like Currys PC World.

The whole E-Mail screams “SCAM”. I have not taken the matter further than reporting it here, so others can be aware of this probable attempt to defraud innocent people. A copy of the E-Mail I received is shown here:

“The expiration date of your points approaches Robert
Information Jun 8, 2021, 8:12 PM
to me

Currys PC World Rewards

Dear Robert
Good news!
You have 119,550 points left in your E-Wallet
However, we are reminding you that your Currys PC World points is resetting in two days.

Use them before expiration here:
Use Points

High five,
Customer Service
Unsubscribe Here”

Rob – It’s interesting that the scammers have chosen to masquerade as Currys whose reputation is currently in question because of their poor customer service which has been under examination by Trading Standards.

Thanks for your comment John. I wasn’t aware of that.

Geoff G says:
26 July 2021

Just had a call from royal mail dispatch claiming they had package for me which needed a customs charge paying, yeah nice try, next time try ringing from a landline NOT a mobile

Issyy Williams says:
7 October 2021

Fell for this scam on 2/10/21. Gave away all my details but fortunately realised what I had done and rang bank at 11.30 p.m and was given excellent support. Luckily did not lose anything but did get a call supposedly from the bank fraud dept. Told caller I could not hear him and I would go in to bank the next day. This was followed by 4 more calls displaying bank help line number. Have now blocked number.