Royal Mail delivery scam
We’re getting a LOT of feedback regarding one of the latest scams, one based around a Royal Mail delivery. You may have even seen it.
So why’s this one apparently so successful ?
Well, we’ve taken a look and there are a few reasons that people are falling for this one.
Firstly the initial message is brief, usually a txt message. This means one of the usual ways to spot a scam (bad spelling/grammar) is minimised.
Secondly the actual domain (ie the web page name) is quite cleverly constructed, making it look more genuine. The domain used is royalmail.co.uk-tracknow.com. This looks like Royal Mail but it isn’t. The actual domain is uk-tracknow.com.
Thirdly navigating to the page in question displays an almost perfect copy of the Royal Mail web page for outstanding charges.
Finally in these days of lockdown and enforced retail closure expecting a parcel is no longer an exception, more a rule… This means the txt isn’t unreasonable or even unexpected.
There are, of course, indications that, should you be drawn in, a scam is afoot.
First off the URL (the web page name) would be expected to say something.royalmail.co.uk (or something.royal-mail.co.uk). This one, admittedly, is well designed so people not unreasonably are breezing straight through.
Once on the site though there are other indications. If you need to pay Royal Mail for excess postage then surely you need THEIR bank account number – why are they asking for your bank account details ?
Also, clicking on the other links on the page all lead to ‘404 error, page not found’ – I tried to view the page in Welsh for instance, I did think a Welsh translation would be a step too far for the scammers !!!
This one, to be fair, does seem one of the easier ones to fall for but there are a few tricks to apply if you’re ever unsure.
If you’re asked to enter a username and password you can try entering incorrect details. A genuine site will know your details are wrong and tell you so. A fake site will record those details and usually say they are correct before redirecting you to the genuine site.
In the case of the fake Royal Mail site try clicking on the links around the site – often they will fail because it’s just too much effort for someone to completely duplicate a genuine site.
When making a payment you can again try the incorrect details trick, using a wrong sort code or account number (or CCV code) will result in a failed payment. Scam sites often record the payment as successful, having recorded the details of course.
In an ideal world you should only be following links on a computer that has good quality antivirus/anti malware software. Software that also includes Web protection. Even now this is quite an unusual thing for mobile phones or devices to have installed. In testing this scam I used a computer and I had to disable quite a lot of the protection in order to access the site. A standard mobile phone breezed straight through…
Best advice of course is to always be vigilant and, sadly, assume everything that asks for bank details or usernames and passwords (or any personal data really) is fake. This sort of mindset should lead you into always double or triple checking…
