/ Scams

Scam alert: fake texts, calls and a cloned Royal Mail site

Fraudsters attempted to wipe out a victim’s entire bank balance by setting up a clone Royal Mail website. Here’s how the scam worked and how it was stopped.

It started with a text, apparently from ‘Royal Mail’, claiming that a parcel was being held due to an unpaid shipping fee.

As Which? member Richard regularly exchanges parcels with family members who live abroad – and import and customs fees have increased following Brexit – this fake was particularly convincing:

The link in this text is disguised to look as though it points to the genuine royalmail.com website, this is done by capitalising the letter ‘I’ so it will appear to be the letter ‘L’. Therefore the link is actually ‘royaimaii.com’ which redirected Richard to a slick phishing website:

Make us aware of a scam with our new scam sharer tool

A lucky escape from a perfectly timed scam call

Richard entered his contact details, date of birth and debit card details on this Royal Mail clone.

The thief attempted to spend £1 using the stolen card details. Fortunately, his bank declined this payment (noting that it originated from an unusual device) and contacted Richard before immediately cancelling the card. 

But the scammers weren’t finished with their con.

The next day, they phoned Richard claiming to be his bank’s fraud team. Thanks to cheap number spoofing technology, his mobile phone identified the call as being from ‘First Direct’. 

The scammer pretended to be calling to follow up about the fraudulent card transaction, aware by now that the card had been cancelled. Understandably convinced that he was speaking to the bank, Richard initially followed the instructions – to protect his current account by logging into online banking and setting up a new sort code and account number.

The scam caller then asked him to transfer his balance to the new ‘secure’ account which thankfully rang alarm bells. Richard told us:

“At this stage the penny finally dropped and I told him I would prefer to call the bank myself to make sure that this was a legitimate exercise. He became very insistent and, essentially, tried to make me feel very guilty for wasting the bank’s time when they had called me to protect my money. When I asked him how I could be sure this was a genuine call he told me to look at the caller ID on my phone”

Fortunately, Richard stood his ground and called the genuine First Direct fraud team who confirmed that this was a scam. Which? reported the fake text and phishing website to both Royal Mail and the National Cyber Security Centre (NCSC). We also advised Richard to sign up for Cifas (£25 for two years) to protect against identity fraud

How to spot genuine Royal Mail communication

A Royal Mail spokesperson told us:

“Royal Mail will only send email and SMS notifications to customers in cases where the sender has requested this when using our trackable products that offer this service.’

The only time we would ask customers to make a payment by email or by SMS is in instances where a customs fee is due. In such cases, we would also leave a grey card telling customers that there’s a Fee to Pay before we can release the item. This would apply either to an international customs fee or to a surcharge for an underpaid item. This card may arrive later than the email or SMS. Royal Mail Group works hard to prevent and detect fraud.

We work with UK law enforcement agencies, Trading Standards and other organisations to share information and support robust proactive action against scams. Customers looking for advice on how to spot a fake notification should visit www.royalmail.com/scamprotection. Here they can view examples of current scams, and get advice on appropriate action”

Is it really your bank calling?

As this example proves, scammers can use number spoofing software to display false caller-ID information and trick you into thinking that their number belongs to your bank or another legitimate business.  

Which? is also aware that many scam callers will attempt to trick you into installing remote access software to ‘fix’ a spurious problem. This software is used by legitimate businesses – including the Which? Tech Support team and many IT support firms – but criminals abuse these tools to hack into email and bank accounts. 

Call-blocking services and phones offer some respite from unwanted calls. But the easiest way to stay safe is to hang up and call back on a phone number you trust, such as the one on the back of your debit or credit card.  

If you fall victim to fraud, contact your bank immediately and follow our step guide to getting your money back.

Have you had an experience of this Royal Mail scam? Let us know in the comments and, as always, help us warn friends and family.


Comments

I keep getting a call from a department saying that my national insurance number has be compromised, and they will suspend my insurance number if i do not press one. Its an automated voice ringing from 07449799624. I just ignore it and hang up. How do i know if its a genuine call or if i press one, will the call cost me xxx amount of money charged to my phone bill ?

Carole – Such calls are never genuine.

If such an occurrence did take place, the Department for Work and Pensions [DWP] would contact you formally, normally by letter, but the DWP would not necessarily know whether someone had fraudulently used your NI number [together with other verifying information]. It is best to terminate such calls immediately and not Press 1 or any other key.

Hi Carole, I had this one a few days ago and although the male voice sounded like polished English, the bad grammar gave it away:

This call is intended from the Bank of England. The reason behind this phone call is to inform you that your National Insurance Number will be terminated due to some unethical financial transactions. Ignoring this final warning may lead you to the legal troubles. Please press 1 to get more details. Thank you.

You can check phone numbers and add your experience to the link below. Scammers change their dialling numbers all the time, so no information doesn’t mean the number is safe, but adding a brief comment helps to build up a picture and warn others.
https://who-called.co.uk/

If I don’t recognise the number, I treat all phone calls as possible scammers unless they quickly prove otherwise. Please don’t press buttons in reply to these calls as it is still uncertain whether you can be charged so not worth taking the chance. By pressing buttons, you are telling the scammer you are a live one willing to engage with them, so likely to get an increase in scam calls. I have fun with live callers, but never press buttons. One recent call asked me to dial a number in Germany if I wanted calls to stop. The more you ignore them or don’t engage with them, the less likely they are to get a result so will concentrate their efforts elsewhere.

I had a funny experience the other day. I went to answer the phone to a usual scam-looking number and it disconnected a fraction before my finger hit the answer button. My phone then dialled the number. As far as I can tell I haven’t been charged for a call.

If you do end up speaking to someone claiming to be from the DWP ask them to confirm the first line of your address, your current employer (even if you’re unemployed / self employed / etc.) and your tax code

Carole

Unless I recognise the number or am expecting the call, I always let it go to voicemail or the message machine. Then, the decision as to whether it’s genuine can be taken without the caller applying pressure.
Even if I think the caller could be genuine, I feel the onus is on the caller to prove identity. I would not expect to give any identifying or financial information on the initial call: If they call me, the must know who I am.

Chiara’s introduction shows an example of how a text message with a link can be used for fraudulent purposes.

Sending text messages and emails with links is extremely convenient for the recipient but there are risks. If we were asked to log into our account to pick up a message or carry out some action the risk would be removed.

Patrick Taylor says:
23 March 2021

“The link in this text is disguised to look as though it points to the genuine royalmail.com website, this is done by capitalising the letter ‘I’ so it will appear to be the letter ‘L’. Therefore the link is actually ‘royaimaii.com’ which redirected Richard to a slick phishing website.”

Seems to me that the abilty to register such names that are open to abuse should be a consideration of major firms who could, by spending a tiny proportion of their budget buy or take these names themselves.

royaimaiiy.com $ 9.88

Hi, today i stopped before paying for a parcel with insufficient postage. It was only when the email asked for my personal details and then went on to ask for bank account details I hesitated ! I went to my local sorting office to check and “pay” if necessary. Over the last two weeks i have received several texts all stating they could not deliver. Unfortunately I did complete name, address and date of birth but luckily no account details. This is a concern for me but this level of information is readily available.
Avril

Tracked Mail from the Nederlands an the UK has gone missing from the sorting office to the delivery office, RM refuse to admit that their drivers could be thieves, I am still waiting for a parcel which should have been delivered in the first week in Feb 2021.

Phil McCarty says:
25 March 2021

I made the error yesterday of answering a call from an unfamiliar mobile number. The long silence after I said “Hello” set off alarms; a machine voice then claimed to be from the National Crime Agency – I assume a variation on the Inland Revenue scam. I immediately hung up and blocked the number. An hour later I received a call from another unknown number, answered without speaking. It hung up after a few seconds. Number blocked. We have also been bombarded three or four times a day, starting at 8am, by International number scammers. These now simply go ignored.

Marina says:
25 March 2021

I almost fell for the Royal Mail scam, as I had already received a genuine text from Royal Mail that my pharmacy package would arrive that day. Ten minutes after that another text arrived, purportedly from Royal Mail saying, “Your package has a £2.99 unpaid fee, to pay this now please visit: …..(link) or your item will be returned to the merchant.” Fortunately, I waited to see if my package would arrive and it was delivered by my postman a short while later – with no mention of an unpaid fee!

Sue says:
25 March 2021

I recently received a text message purporting to be from Royal Mail advising of an unpaid shipping fee of £1.99 together with a link to page the outstanding amount or the item would be returned. Convincing as it was the security on my phone would not allow access to the site suspicious and not expecting any package I had not already paid postage on I deleted the text and bloked the number when I received another message increasing the fee to £2.99.
I have since received an HSBC alert saying a payment had been set up and if it wasn’t me to access a site to say so. I replied “wrong person!! Scam?!
Then blocked the number. Was this a genuine mistake or another scam?

I received at least two of these texts this week. I say ‘at least’, because I use Mr Number and blocked the numbers used. Both of those numbers appeared to come from mobile phones rather than landlines, and I would expect an organisation to use landlines first, so that’s another hint about this being a fake message.

I had a message stating it was from Hermes they had been unable to deliver a parcel and asking for a delivery day also address D.O.B.which I filled in then came a request for £2-50 redelivery that’s when I stopped as I have never been asked for it before I assume it is another scam

Nathan says:
25 March 2021

Another clue that it’s a scam – why would a parcel delivery company need your D.O.B?

Cindy says:
25 March 2021

I have had several of these texts most of the time I’m not expecting any parcels so I know it’s a scam, parcels I normally receive come from Amazon so I know there is no fee outstanding. Do get fed up with all the calls coming through we tend not to answer landline unless a name pops up of who it is.

Michael Corry says:
25 March 2021

I had the parcel delivery scam but from the courier Hermes. I have their tracking app so I didn’t click the link in the text but entered the tracking number in the app. It wasn’t even a long enough number.

I had a text message purporting to be from Royal Mail two days ago re a small parcel to be delivered. It said they had tried to deliver and had been unable to and would I pay £3.45 to have it delivered by first class … it didn’t ring true as (a) the parcel wasn’t big enough to warrant a Royal Mail delivery van, the postman could have quite easily delivered, and (b) I live in Council Sheltered Housing gated community which can only be accessed by pressing my door number on main gate key pad. I hadn’t been out that day at all and no one had called on key pad. I deleted text straight away and parcel came anyway next day and not delivered by Royal Mail but by courier Hermes?

I too also nearly fell for the Royal Mail scam text. I was suspicious because it came from a mobile phone number and I also wasn’t expecting a parcel, so blocked the number and deleted it straight away.

I also received another scam text a couple of days ago purporting to be from Lloyds Bank. It started with LLOYDS ALERT (in capitals) saying that I had successfully paired a new device (which I hadn’t). If it wasn’t me then I should follow the link in the text. I was suspicious as, again, it came from a mobile phone number and in the link web address the ‘s’ was missing off the end of Lloyd, so read ‘http etc…..lloydbank.com’.

Chris says:
25 March 2021

The story above is identical to mine right up to me putting the phone down as I realised the new account details that he been set up for me didn’t seem right

My daughter was a victim of this 2 weeks ago, she was in fact waiting on a delivery from the USA, so we believed this was a genuine message so filled in the info through the link, luckily a good friend of hers who works for the royal mail told her it was a scam, she contacted her bank, cancelled her card and reported the fraudulent activity, she got her money back after 2 days, if it had not been for the parcel coming from the USA I don’t think she would have been taken in, just a coincidence it happened at that exact time !

Audley Ost says:
25 March 2021

We almost were taken in by this Royal Mail Scam, my wife received a text saying there was £1.99 to pay for a repeat delivery. I thought this unusual so checked on the Royal Mail tracking site. The number quoted on the text was not recognised. We decided to try again the next day but before doing so a friend contacted us and warned that this was happening, what I would like to know was ,How did the scammer get our mobile number? No damage done, Many thank to which scam watch for a warning.

J Gordon says:
25 March 2021

I also block all scam calls using the talktalk scheme. This morning about 8.0 am received a call from my “blocked number call handler”. Had great fun asking lots of technical questions until she gave up and hung up.

Marie says:
25 March 2021

I had the Royal Mail text the other day re: the £2.99 delivery charge. I also had one ‘from’ Lloyds Bank. I’ve had them ‘from’ the Inland Revenue, Argos, etc, you name them, I’ve had them. I send one back saying ‘drop dead ya scamming scumbag, down there for dancing’ Some actually go through. It’s recommended not to reply but the picture of them in my head is satisfying.

@Marie: all you achieve by replying to a phishing text or an email is that you confirm to them that they have used a valid phone number or email address that is current and in use. You can expect an increase in such traffic.

Richard Townley says:
25 March 2021

I also fell for the Royal mail scam! i was expecting parcels to be delivered on the day I received the email and foolishly filled it in and authorised a payment of £2.99 from my debit card. I also entered by bank details as requested. When it came to the tracking I entered the number of one of the expected parcels and it said ‘not known’. It was then that I began to smell a rat. So I cancelled my card and to date have not seen any unauthorised entries on my bank statement. I also forwarded the original email to report@phishing which included the telephone number of the scammer.