Beware of a convincing Royal Mail SMS phishing scam asking for personal details and payment for re-delivery. Learn how to identify and protect yourself from this threat.
Cybercriminals are leveraging a highly convincing SMS phishing (smishing) scam, impersonating Royal Mail to deceive victims into providing sensitive personal and financial information. The scam, first spotted by the Hackread.com research team, uses fake delivery updates, and preys on users’ urgency and fear of missed deliveries.
Royal Mail delivers to approximately 32 million homes across the United Kingdom. A huge number among them belongs to vulnerable and elderly people making this scam a direct threat to their privacy and financial security.
How the Scam Works
The scam begins with a text message claiming to be from Royal Mail, notifying the recipient of a failed delivery due to an unclear or incomplete address. The message provides a link to a fake Royal Mail website, urging the user to update their delivery address to avoid delays.
Upon clicking the link, users are redirected to a fraudulent website that closely mimics the official Royal Mail page. The site requests the user to provide their name, address, email, and phone number, under the guise of verifying delivery information.
After submitting their details, users are taken to a payment page where they are asked to pay a small “re-delivery fee.” This page requests credit card information, including the cardholder’s name, card number, CVV, and expiration date.
To further add legitimacy, the fake site asks users to enter a one-time verification code, supposedly sent to their mobile or email. This step is designed to lull victims into a false sense of security. After completing the process, victims receive a confirmation message stating their update is successful and the package will be re-delivered on a specific date.
Why This Scam Is Convincing
The scam is highly convincing due to several factors. The fake website replicates Royal Mail branding, including logos, fonts, and layout, giving it a professional appearance. It leverages urgency and fear by implying time sensitivity, prompting victims to act quickly without verifying the source.
The request for a small fee of 0.23 GBP makes the scam appear trivial and non-threatening, increasing the likelihood of compliance. Additionally, the multi-step process, which mimics legitimate procedures like address verification and payment confirmation, helps establish trust and further deceives victims.
What Happens to Victims
Victims unknowingly hand over personal information, which can be used for identity theft. Additionally, the payment details collected can result in unauthorized transactions and financial fraud. In some cases, clicking on such links can expose users to malware.
How to Identify and Avoid Such Scams
- Verify Links: Always check the URL carefully. Official Royal Mail websites will not include suspicious domain names like “ssubmitf.top.”
- Contact Royal Mail Directly: If in doubt, contact Royal Mail through their official website or customer service to verify delivery issues.
- Avoid Clicking Links: Do not click on links in unsolicited messages. Visit the company’s official website manually.
- Be Skeptical of Payment Requests: Legitimate companies rarely ask for small fees through unsolicited messages.
- Report Suspicious Messages: Forward suspicious messages to 7726 (a free spam-reporting service in the UK).
The latest Royal Mail phishing scam shows just how sophisticated scammers have become. Even a major organization like Royal Mail has limited ability to prevent these attacks entirely. Stay safe!
RELATED TOPICS
- USPS Delivery Phishing Scam Exploits SaaS Providers
- Fake FedEx ‘missed delivery’ emails spreading ransomware
- New iMessage Phishing Campaign Targets Postal Service Users
- Chinese ‘Smishing Triad’ Group Hit Pakistanis with SMS Phishing
- Chinese SMS Phishing Group Hits iPhone Users in India Post Scam