/ Scams

Scam alert: fake texts, calls and a cloned Royal Mail site

Fraudsters attempted to wipe out a victim’s entire bank balance by setting up a clone Royal Mail website. Here’s how the scam worked and how it was stopped.

It started with a text, apparently from ‘Royal Mail’, claiming that a parcel was being held due to an unpaid shipping fee.

As Which? member Richard regularly exchanges parcels with family members who live abroad – and import and customs fees have increased following Brexit – this fake was particularly convincing:

The link in this text is disguised to look as though it points to the genuine royalmail.com website, this is done by capitalising the letter ‘I’ so it will appear to be the letter ‘L’. Therefore the link is actually ‘royaimaii.com’ which redirected Richard to a slick phishing website:

Make us aware of a scam with our new scam sharer tool

A lucky escape from a perfectly timed scam call

Richard entered his contact details, date of birth and debit card details on this Royal Mail clone.

The thief attempted to spend £1 using the stolen card details. Fortunately, his bank declined this payment (noting that it originated from an unusual device) and contacted Richard before immediately cancelling the card. 

But the scammers weren’t finished with their con.

The next day, they phoned Richard claiming to be his bank’s fraud team. Thanks to cheap number spoofing technology, his mobile phone identified the call as being from ‘First Direct’. 

The scammer pretended to be calling to follow up about the fraudulent card transaction, aware by now that the card had been cancelled. Understandably convinced that he was speaking to the bank, Richard initially followed the instructions – to protect his current account by logging into online banking and setting up a new sort code and account number.

The scam caller then asked him to transfer his balance to the new ‘secure’ account which thankfully rang alarm bells. Richard told us:

“At this stage the penny finally dropped and I told him I would prefer to call the bank myself to make sure that this was a legitimate exercise. He became very insistent and, essentially, tried to make me feel very guilty for wasting the bank’s time when they had called me to protect my money. When I asked him how I could be sure this was a genuine call he told me to look at the caller ID on my phone”

Fortunately, Richard stood his ground and called the genuine First Direct fraud team who confirmed that this was a scam. Which? reported the fake text and phishing website to both Royal Mail and the National Cyber Security Centre (NCSC). We also advised Richard to sign up for Cifas (£25 for two years) to protect against identity fraud

How to spot genuine Royal Mail communication

A Royal Mail spokesperson told us:

“Royal Mail will only send email and SMS notifications to customers in cases where the sender has requested this when using our trackable products that offer this service.’

The only time we would ask customers to make a payment by email or by SMS is in instances where a customs fee is due. In such cases, we would also leave a grey card telling customers that there’s a Fee to Pay before we can release the item. This would apply either to an international customs fee or to a surcharge for an underpaid item. This card may arrive later than the email or SMS. Royal Mail Group works hard to prevent and detect fraud.

We work with UK law enforcement agencies, Trading Standards and other organisations to share information and support robust proactive action against scams. Customers looking for advice on how to spot a fake notification should visit www.royalmail.com/scamprotection. Here they can view examples of current scams, and get advice on appropriate action”

Is it really your bank calling?

As this example proves, scammers can use number spoofing software to display false caller-ID information and trick you into thinking that their number belongs to your bank or another legitimate business.  

Which? is also aware that many scam callers will attempt to trick you into installing remote access software to ‘fix’ a spurious problem. This software is used by legitimate businesses – including the Which? Tech Support team and many IT support firms – but criminals abuse these tools to hack into email and bank accounts. 

Call-blocking services and phones offer some respite from unwanted calls. But the easiest way to stay safe is to hang up and call back on a phone number you trust, such as the one on the back of your debit or credit card.  

If you fall victim to fraud, contact your bank immediately and follow our step guide to getting your money back.

Have you had an experience of this Royal Mail scam? Let us know in the comments and, as always, help us warn friends and family.


Comments

I had two of these sent on successive days, both purporting to come from different mobile phone numbers, rather than a formal landline phone number. Something of a give-away in themselves, I’d think. I use MrNumber app on my phone, which indicated they were scams. But they do look convincing.

Anna says:
28 March 2021

I get half a dozen scam emails every day (‘Royal Mail/HMRC/DPD/Hermes/Fedex/various so-called lotteries’) – which I forward, without opening, to report@phishing.gov.uk. Do these ever get investigated?

Recently had a text allegedly from Hmrc about £25.55p and suspicious link. Contacted via a text message forward on text, next day had a reply. Also posted the number on the web where other people had same issue

Jen says:
2 April 2021

I get at least one a week from HMRC and I know others that do

I got the Royal Mail scam text a few days ago, it was very convincing with the logo and purporting to come from Royal Mail in Wales (that was the first clue, I live in Glasgow) and the clincher was it came to my work mobile. I would not and have not given my work number to Royal Mail at any time.

Kehinde Obisesan says:
29 March 2021

I had same scenario whereby someone requested for my bank details and i replied whether the information you requested doesn’t look authentic. Called them a dunce and scoundrel.

Hue Janus says:
30 March 2021

So far this year, I’ve won 2 lottery’s, inherited a6 million investment, been bequeathed 3.5 million euros, have been awarded 5 million by the FBI anti fraud squad, and have a box consigned to me estimated at containing 15 million in an airport left luggage dept, oh and I’ve also been highlighted by a princess to receive her hand and her fortune, so ime sorted mate, off out now to buy an e type and a nice boat for the Maldives and to meet my princess

I was Scammed by a Software company, how interseped a website to McAfee antivirus yearly renewal this company installed the software into my computer and hacked into my emails and bank account
This Company is called Zone Alarms it’s run by Indians i know the language as i also come from india

Hi UK, sorry to hear that.

Your scam description sounds typical of a “fake tech support” scam.

If you have not already done so, you will need to remove the software installed by the scammers. (On a Windows pc, System Restore can do that, if a pre scam date is available.)

Yes. My husband received one just yesterday. It said, “We could not take the fee required for your shipping. Please update your details on https://packagefee.com/ ” It came from this number – +44 7960 068139 . I keep getting phone calls supposedly from Amazon either telling me they have renewed my Amazon Prime Account or thanking me for an expensive order I have placed (which I haven’t). Fortunately, partly owing to Which?’s alerts neither of us responded to these fake messages but it is frightening to think that many people do. We get several fake calls a week and have never responded to any of them.

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot fraudulent website. ]

Alan Yates says:
30 March 2021

I also received a message purporting to be from Royal mail to say they were retaining a parcel as a fee of £1.99 was owed and if not paid the parcel would be returned to sender. I ignored this as I was not expecting anything.

stewart says:
6 April 2021

got the same message today

Michael Taylor says:
1 April 2021

I received a message from +447398728161 at 01:45 in the morning. It stated,
Royal Mail: Your package has a £2.99 shipping fee, to pay this now visit
https://royalmail-ukdelivery.co. Actions will be taken if you do not pay this fee.
That was on the 24th. of March 2021. I was not awaiting a package so I have
ignored it. No action so far?

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot fraudulent website. ]

Marg says:
1 April 2021

I got text message to say Royal Mail had tried to deliver a package (on a Sunday!) but received no reply and to call a number. I was immediately on the alert and did not respond.

Penny says:
1 April 2021

I have had a couple of text purporting to come from the Royal Mail, requesting smallish sums for the release of a parcel. Very convincing with the Royal Mail app (supposedly) at the top. Started to follow the link but, as soon as I spotted the request for all my bank details, down to the security code, sort code and account number, red lights flashed and I stopped. Typed in the https link they sent independently, and safari immediately flagged up that it was a scam. These crooks are so sophisticated nowadays it is frightening.

Peter Collins says:
1 April 2021

I had an amazing scam and I nearly got taken in. They told me that Microsoft owed me some money due to technical problems in the recent past. They took over my laptop showed me things I didn’t understand and then showed me my bank statement with the payment from Microsoft on it. (!!)

“Oh bother. The office has sent too much. Not to worry, go to the post office and send us a money order for the difference.” I believed them, especially as they had my bank statement open and with their credit on it. !!

Fortunately, it was Saturday and the Post office was now closed. They accepted that and said they would ring back on Monday morning. I put the phone down and began to think. Then I phoned my wonderful Bank, First Direct, and the scam was recognized. You may guess what I said on Monday when they phoned up. They were so believable I was totally taken in, and I consider myself reasonable bright. Not any more. I was a complete idiot.

DerekP says:
2 April 2021

Peter, good to hear that you realised it was a scam before parting with any money.

What you have described is a quite common type of scam, ie a “tech support refund” scam.

If the scammers installed remote access software onto your PC, you should make sure that it has been removed, if you have not already done that.

Hi Peter,

Glad you realised the scam before they called again.

If the scammer showed you your bank statement with ‘their transaction’ on it, it sounds to me like they took a copy of the statement then edited it before showing it to you. This does mean they might have copied all your documents so you might want to think whether anything else could have been compromised. Do you keep a document detailing your accounts or passwords for example?

There are similar scams pretending to be Microsoft, BT, Openreach, or another telecoms or internet provider. They might say your computer is spreading viruses, there is a problem with your computer, your internet is about to be terminated unless they can stop it, just to name a few.

I am sure you now know they are all scams and to never let anyone have access to your laptop, and if you are not sure, just ask someone (or post here) first.

Iain Fergusson says:
1 April 2021

According to my bank the only way that a hacker can do anything with my bank details is by setting up a direct debit. I have put a block on D/D’s being set up without my authorization. Does this plug the gap?

peter mays says:
2 April 2021

My wife had the Royal Mail scam text , we both happened to be in the home office when they called it was very convincing but fortunately we didn’t fall for it , we get many parcels so my wife had used her card to pay for the fee as it looked genuine – the scammer knew the 1.50 or so would be showing on the account and phoned saying there was possible fraud on the account , even told her to look in pending payments answered questions on where we banked although vauge about the actual address , had a cloned telephone IID that was the nationwide head office number etc – we became more suspicious when asked if we had our card reader and told him we would phone the bank directly ( number on the back of the card) nationwide fraud department were excellent and cancelled the card there were a couple of minor uses ( including a dominos pizza order !)
We are both business professionals- this was a very convincing scam and could easily see how someone who was distracted may well fall for it -longer sentences are needed for these criminals

PHILIP BAILEY says:
2 April 2021

Another Message “from” Royal Mail:
“Royal Mail: Sorry we missed you earlier, we have your parcel, to book a redelivery follow the link: https://royalmailparcel-gb.com/delivery?tracking=AL37394919GB
1. We have not ordered anything to be delivered by parcel post.
2.Whenever we are not in, Royal Mail leave a paper notification in the letter box, never an electronic message.
3. The punctuation on this message is terrible, using commas instead of full stops.

I am convinced this is a scam, similar to the one described above.

Liz says:
2 April 2021

I’ve just received a Text message… “RoyalMail: Your Package Has A £2.00 Unpaid Shipping Fee, Please Visit: https://rm-parceltracking.me If You Do Not Pay This Your Package Will Be Returned To Sender” … obviously a scam!!

Jenny Cochrane says:
3 April 2021

Text/email ‘from Hermes’ – missed delivery and therefore now charging £1.50 for re-delivery. We have used Hermes before and know that they do not charge recipient for re-delivery.

Elizabeth Coker says:
3 April 2021

I received an email from supposedly Royal Mail saying they had an amazon parcel for me and to pay ex amount of money to have it re-delivered. As I was expecting a parcel from Amazon that day I thought it must be the case, on filling out the form I noticed you had to give unnecessary details, when the question of bank details appeared alarm bells rang as Royal Mail leave a card for collection and never ask for bank and other details. I immediately left the page and sent an email to a local neighbourhood email site telling others of the scam. Nearly fell into their trap.

Hi please can someone help, I may need to contact my bank. I recently recieved the following SMS text message:
From:
+447775149187

RoyalMail:Your item has a £2 unpaid shipping fee, to pay this now please visit https://royalmail.ref220.com/

Can you tell me if the phone number or website are fake the website is very convincing.

Please help I’m desperate.
Thank you so much.

[Moderator: this website appears to be a scam website. We’ve retained the URL to help you identify it, but we’ve redirected the link to our guidance on how to spot fraudulent website. ]

Theo HOPKINS says:
4 April 2021

I got a Royal Mail scam. It was a cloned site, and looked genuine, but I was aware of the scam, so ignored it,
However, one of the things that made it look genuine was it even included a clickable link to get the details in Welsh language, an underlined “Cumryg”. (that may be my bad spelling of Cumryg – but you know what I mean.) With precautions I clicked on the link, but nothing happened,