Scam alert: fake texts, calls and a cloned Royal Mail site

Fraudsters attempted to wipe out a victim’s entire bank balance by setting up a clone Royal Mail website. Here’s how the scam worked and how it was stopped.

It started with a text, apparently from ‘Royal Mail’, claiming that a parcel was being held due to an unpaid shipping fee.

As Which? member Richard regularly exchanges parcels with family members who live abroad – and import and customs fees have increased following Brexit – this fake was particularly convincing.

The link in this text is disguised to look as though it points to the genuine royalmail.com website. This is done by capitalising the letter ‘i’ so that it appears to be a lower-case ‘L’. The link therefore actually points to ‘royaimaii.com’, which redirected Richard to a slick phishing website.
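As an added illustration (not part of the original Which? article), here is one way a mail or SMS filter could flag this kind of disguised link: it lower-cases the host the way DNS does, then folds look-alike characters together and compares the result against a list of genuine domains. The character map, the two-label domain rule and the sample messages are assumptions made for the example, and it goes slightly beyond the ‘I’/‘l’ swap to cover ‘1’, ‘0’ and ‘rn’ as well.

```python
import re
from urllib.parse import urlsplit

# Genuine domains to protect; royalmail.com is the one named in the article.
PROTECTED = {"royalmail.com"}

# Illustrative confusables only (assumption: not the full Unicode table).
# i, l and 1 are all folded to "l"; 0 to "o"; the digraph "rn" to "m".
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable(host: str) -> str:
    """Naive last-two-labels domain (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so visually similar names compare equal."""
    return domain.lower().replace("rn", "m").translate(FOLD)


PROTECTED_SKELETONS = {skeleton(d) for d in PROTECTED}


def classify_link(url: str) -> str:
    """Return 'genuine', 'lookalike' or 'unlisted' for one URL."""
    host = urlsplit(url).netloc.rsplit("@", 1)[-1].split(":")[0]
    domain = registrable(host)  # DNS ignores case, so compare lower-cased
    if domain in PROTECTED:
        return "genuine"
    if skeleton(domain) in PROTECTED_SKELETONS:
        return "lookalike"
    return "unlisted"


def scan_message(text: str) -> list[tuple[str, str]]:
    """Classify every link found in an SMS or email body."""
    return [(u, classify_link(u)) for u in URL_RE.findall(text)]


# Constructed sample messages; the capitalisation of the first link is a guess
# at how the text in the article displayed it.
SAMPLES = [
    "Royal Mail: your parcel is held due to an unpaid shipping fee. "
    "Pay at https://royaImaiI.com/fee",
    "Advice on fake notifications: https://www.royalmail.com/scamprotection",
    "Royal-Mail: Your parcel is waiting for delivery. https://redeliveryuk-rm.com/",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(scan_message(sms))
```

The third sample comes back as ‘unlisted’ rather than ‘lookalike’: a brand-themed domain that does not imitate the genuine spelling is only caught by checking against the list of real domains, not by the look-alike test.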

A lucky escape from a perfectly timed scam call

Richard entered his contact details, date of birth and debit card details on this Royal Mail clone.

The thief attempted to spend £1 using the stolen card details. Fortunately, his bank declined this payment (noting that it originated from an unusual device) and contacted Richard before immediately cancelling the card. 

But the scammers weren’t finished with their con.

The next day, they phoned Richard claiming to be his bank’s fraud team. Thanks to cheap number spoofing technology, his mobile phone identified the call as being from ‘First Direct’. 

The scammer pretended to be calling to follow up about the fraudulent card transaction, aware by now that the card had been cancelled. Understandably convinced that he was speaking to the bank, Richard initially followed the instructions – to protect his current account by logging into online banking and setting up a new sort code and account number.

The scam caller then asked him to transfer his balance to the new ‘secure’ account, which thankfully rang alarm bells. Richard told us:

“At this stage the penny finally dropped and I told him I would prefer to call the bank myself to make sure that this was a legitimate exercise. He became very insistent and, essentially, tried to make me feel very guilty for wasting the bank’s time when they had called me to protect my money. When I asked him how I could be sure this was a genuine call he told me to look at the caller ID on my phone.”

Fortunately, Richard stood his ground and called the genuine First Direct fraud team, who confirmed that this was a scam. Which? reported the fake text and phishing website to both Royal Mail and the National Cyber Security Centre (NCSC). We also advised Richard to sign up for Cifas (£25 for two years) to protect against identity fraud.

How to spot genuine Royal Mail communication

A Royal Mail spokesperson told us:

“Royal Mail will only send email and SMS notifications to customers in cases where the sender has requested this when using our trackable products that offer this service.

The only time we would ask customers to make a payment by email or by SMS is in instances where a customs fee is due. In such cases, we would also leave a grey card telling customers that there’s a Fee to Pay before we can release the item. This would apply either to an international customs fee or to a surcharge for an underpaid item. This card may arrive later than the email or SMS. Royal Mail Group works hard to prevent and detect fraud.

We work with UK law enforcement agencies, Trading Standards and other organisations to share information and support robust proactive action against scams. Customers looking for advice on how to spot a fake notification should visit www.royalmail.com/scamprotection. Here they can view examples of current scams, and get advice on appropriate action.”

Is it really your bank calling?

As this example proves, scammers can use number spoofing software to display false caller-ID information and trick you into thinking that their number belongs to your bank or another legitimate business.  

Which? is also aware that many scam callers will attempt to trick you into installing remote access software to ‘fix’ a spurious problem. This software is used by legitimate businesses – including the Which? Tech Support team and many IT support firms – but criminals abuse these tools to hack into email and bank accounts. 

Call-blocking services and phones offer some respite from unwanted calls. But the easiest way to stay safe is to hang up and call back on a phone number you trust, such as the one on the back of your debit or credit card.  

If you fall victim to fraud, contact your bank immediately and follow our step guide to getting your money back.

Have you had an experience of this Royal Mail scam? Let us know in the comments and, as always, help us warn friends and family.


Comments
Edna says:
26 March 2021

Both my husband and myself received a text purporting to be from the Royal Mail. I wrote back to them saying if I order goods online I know whether postage is free or I have to pay for delivery, so knew straight away it was a con. Wrote back telling them this, didn’t hear no more from them. Did report this to Age Concern in order for people to be made aware of this.

I received both the Royal Mail scam and similar from a fake DHL email. Almost every day I am reporting phishing emails to report@phishing.gov.uk and on one day had over 50 to report!

JACKI COLLEY says:
26 March 2021

What a coincidence it was to read about the Royal Mail scam when I have just had a narrow escape myself! In my case I had ordered a book from a reputable company via telephone and had paid £2.99 shipping costs at the same time. The next day I received email notification from Royal Mail that my order would be delivered on Friday, [2 days later], but later in the evening, I received a text message stating that my order was due for delivery on Thursday but I would need to pay £2.99 in shipping costs or else my parcel would be returned to the sender, and I was to do this through the link provided. I then accidentally deleted the text and thought that I would look into it the following morning via email. I contacted the book supplier through their email and they followed it up, telling me not to pay over any money. They later got back to me and explained they had discovered the scam and were alerting their IT department. I thought I was only saved from paying twice for shipping but having read the Which? article I am so relieved that I didn’t follow their link, which could have led the scammers to my bank account!

Charles WHITE says:
26 March 2021

I seem to be receiving Which? scam alerts already, why do I need to sign up again??
C White

Michael Wood says:
26 March 2021

I already receive scam alerts from WHICH. Like Charles White I would like to know whether I have to sign up again?

S Robey says:
26 March 2021

Mine is to do with telephone calls claiming to be from BT and another from BT preferential services.
Both were very convincing trying to get my bank details. I hung up on the first, who immediately phoned back. I am quite vigilant but was nearly scammed; after an hour I said I was going to phone my bank first and she hung up. The second call was very similar and after 5 minutes I insisted that the person should give me his name and telephone number but he wouldn’t. I also asked him for BT’s number to ring them up and he said I should know it. When I got angry and shouted I want your name and telephone number, he hung up. I did report the first one to the police because she gave me supposedly her name and telephone number, which was different to the 1471 number. I would not like anyone to have their bank account emptied through these thieving scammers and people should be fully protected and something done about it.

I have received two examples of the Royal Mail scam, in each case saying there was £2.50 outstanding on a parcel. The first time, I was actually expecting a parcel, ordered from a firm on line, and paying by credit card, which included the postage. I felt sure there was no truth in the claim, and forwarded it to the Report phishing website. (The parcel arrived safely a day or two later). The second time I did the same. Each time I got a reply giving details of how the Report phishing works. This is a quick way to pass fake emails to be checked and taken down.

I also had a text from ‘Royal Mail’. I clicked on the link, filled in the false information, date of birth being 2021, false bank details, clicked submit & it went through with a thank you message. I’m waiting for one with a call from ‘the bank’ where I tell them I’ll ring them & they expect me to pick up the landline when I can use my mobile to ring the bank for free.

Wendy Lanman says:
26 March 2021

I also received the ‘royal mail’ scam text – on my birthday, which made me hesitate, but I decided to risk upsetting someone who might have sent me a parcel from abroad and so deleted the message. A few weeks ago I had a similar sms from a courier company but deleted that one too. I have become very cynical and wary!!

Eric Shaw says:
26 March 2021

I received an email from “Royal Mail”. I followed the link and was asked for my phone number so I used my old mobile number. It then went on to ask for my details but as I read the form they wanted me to fill in, I noticed that they asked for my mother’s maiden name. It was then I realised that it was a scam. I then marked the email as spam and deleted it. I then ran a virus check in case they had tried to infect me with a virus or key strike checker.

Steve says:
26 March 2021

I have had the Royal Mail one and the tax rebate scam as well as the FedEx scams. They got a returned message with a lot of f’s and c’s in, and nothing but scum. Only way to stop the low life who live off people’s misery is to ban the sale of your mob number and email to a 3rd party. When I get what I think is a scam email I normally have a look at the sender details then copy and paste their IP address number. I have an IP address searcher I found online; it gives you the address of the IP address and a Google map location. Most have been of office locations and that’s where Mr 3rd party comes along.

Steve: They can hide their real IP address just as easily as they can hide or spoof a phone number. They also use botnets with people’s computers that they have infected, so the email you receive has been relayed via other computers before reaching you and any IP address you see is not theirs.
Sending a return message simply confirms to them that your number or email address are valid and they can sell it on!!!
I just send any suspicious emails to report@phishing.gov.uk (this is Action Fraud). Do NOT forward the email using the forward command of your email app. Open a new email addressed to Action Fraud and attach the suspicious email as an attachment. Action Fraud can then access all the routing info embedded in the email.

Usually scammers do not start with your mobile number or email address or buy from a contact in a legitimate organisation. They have computer software that generates and contacts hundreds of thousands of possible numbers and possible email addresses. Some are not valid, some are real but are ignored. Some catch people, and some (like yourself) reply and they can possibly sell on your contact details as being valid and current.

Francis says:
26 March 2021

My wife had a similar text like in this article and it took her to this fake Royal Mail website. I realised it was a scam. I told her not to respond.

Had one delivered from post woman. I told if it was me they would have my name. She had delivered to most of our street, so I put on Facebook to share. Needless to say, I tore it up and told our street to do the same.

I received a text supposedly from Royal Mail on 10th March giving me a link to pay £1.99 for redelivery on a parcel waiting for delivery. Fortunately I know that I should have had a card through the door when they attempted delivery and that to arrange redelivery you have to go to the Royal Mail website and it is free.
The text read:
Royal-Mail:Your parcel is waiting for delivery. Please confirm the settlement of 1.99 (GBP) on the following link: https://redeliveryuk-rm.com/

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot a fraudulent website.]

Rachael says:
27 March 2021

I get these fake Royal Mail, DHL and other courier SMS/email every day. At the moment we get at least 3 land-line calls per day claiming to be from BT engineers. They tell us our desktop computer has multiple viruses, and we must pay £85 to sort it out. Anyone employed by these companies should be locked up for 12 months with any assets seized.

Nick Edrupt says:
27 March 2021

One of the easiest tells when getting a call is someone claiming to have an English name and having a heavy Indian accent. Unfortunately the Indian authorities do not have the means or will power to solve this problem so it’s our responsibility to wise up and protect ourselves. There are some excellent YouTube videos on the subject.

Jackie says:
28 March 2021

I had one of these years ago when I was new to this sort of thing. But even then I was wary so asked them to wait while I went to get my bank card… then called my son on my mobile and he said it was a scam, so I’m very careful these days.

I had a Royal Mail scam text this afternoon.

Barbara Wootton says:
27 March 2021

My partner received a text message telling him he had to pay for a parcel being held by Royal Mail. Had heard about scams. Checked the real Royal Mail website and saw warnings. Just ignored message on his mobile.

Though let’s be honest here. The biggest scam is customs charges.

That’s not really a scam though. Customs charges are intended to protect UK companies from cheap overseas competition, including from countries with lower standards than ours.

I avoid customs charges by buying from companies trading in the UK. If something goes wrong it is easy to return my purchase.

Hi, I had a fake email purporting to come from Hermes. I only twigged when they asked for a redelivery fee of £2.10. No card had been left.

I had one through Hermes. I thought it was a scam soon as they ask for some of my bank details. You’ve got to stay alert, try not to get sucked into it.

I have at least 6 scam calls a week. I have a call blocker on my phone and use it each time but it doesn’t seem to do any good.

Hi Smaden,

If you only have a call blocker that puts numbers onto a block list, then you’ll fall prey to further scam calls each time the scammers change their caller ID number.

They do this regularly, because they are calling via the internet and the software they use lets them choose a fake caller ID number for each call.

At the moment, the best way of blocking scam calls is to use a blocker that allows you to set up an allowed list of numbers. Then only numbers in that list are allowed to ring the phone. All others are either sent to answerphone or blocked outright.