Fake texts from fraudsters pretending to be Royal Mail and emails impersonating the likes of Microsoft, UPS and car park operators were among the scam
Fake texts from fraudsters pretending to be Royal Mail and emails impersonating the likes of Microsoft, UPS and car park operators were among the scams which tried to catch Britons out over the festive period.
This is Money asked for readers’ experiences after we reported how phishing emails which pretended to be from the courier company DPD and Royal Mail were targeting Britons’ inboxes in the run-up to Christmas.
Of the dozens of responses we received many detailed scams in a similar vein, with recipients told they needed to pay a fee in order to reschedule a missed parcel delivery, causing confusion at a time when people were expecting Christmas deliveries.
This is Money received dozens of emails from readers after we reported on how fraudsters were spoofing the courier company DPD and Royal Mail in the run up to Christmas
One reader, Mark, told us how he was nearly caught out by a text claiming to be from Royal Mail, at a time when he was expecting several deliveries.
The message, which appeared to come from the same number as other legitimate texts from Royal Mail, asked him to click a link to reschedule a delivery.
Scammers had swapped out the ‘l’ in Royal Mail for an ‘i’, something he only noticed when he copy and pasted the message and changed the font colour.
‘But for the URL I would have been taken in totally’, he said.
Scammers can use cheap software to make it look as if messages or phone calls have come from the same number as legitimate ones.
One This is Money reader almost fell victim to a phishing text which claimed to be from Royal Mail. It appeared alongside legitimate texts from the parcel delivery firm
Banks and the taxman frequently see their phone numbers spoofed by scammers, and there were thousands of reports of phishing texts last year as fraudsters sought to cash in on the coronavirus pandemic.
Britons have recently been urged by Trading Standards to beware another phishing scam doing the rounds which claims to come from the NHS.
It offers recipients the opportunity to apply for the coronavirus vaccine provided they follow the link and provide personal and payment details, which will be harvested by fraudsters.
Vulnerable Britons are being targeted with fraudulent text messages offering them access to coronavirus vaccinations
The website is designed to look like the legitimate NHS one, and was first reported at the end of last month by people living in the Western Islands in Scotland.
Trading Standards’ Katherine Hart said: ‘The vaccine brings great hope for an end to the pandemic and lockdowns, but some only wish to create even further misery by defrauding others.
‘The NHS will never ask you for banking details, passwords, or Pin numbers and these should serve as instant red.’
Trading Standards said text messages had been sent out including links to fake NHS websites that asked recipients for bank details, supposedly for verification purposes
Such impersonation messages are often very convincing. Another reader, Helen said a fake email claiming to come from Royal Mail ‘was so convincing’ she actually took it to her local sorting office in Waterlooville, Hampshire, where it was confirmed to be fake.
‘I was nearly fooled and clicked on the link which then asked for bank details’, she said.
How do fraudsters get my details?
Unfortunately, contact details are not as secure as everyone would like them to be.
With the amount of newsletters, subscription services, and marketing emails people sign up to or opt into receiving, it only takes a breach or improper handling of customers’ at one company to hand fraudsters your contact details.
It is not even that sophisticated, with fraudsters often taking a scattergun approach and targeting hundreds or even thousands of people at once, especially in cases like the fake emails from DPD and Royal Mail where people nationwide would be on the lookout for parcels.
Contact and personal details can also be gleaned from public forums like social media platforms, which is how fraudsters may also crack your passwords without you necessarily handing them over.
The DPD scam duped 35 victims out £103,000 in total in the first week of December, or £2,942 each, according to figures from the fraud reporting service Action Fraud.
But the fraud was not limited to the festive period, with 5,478 reports of suspicious DPD emails forwarded to the Suspicious Email Reporting Service, set up by the National Cyber Security Centre, in November, when England’s second national lockdown saw shops closed.
And parcel delivery firms were not the only ones impersonated by fraudsters over Christmas.
One reader, Michelle, received an email in mid-December claiming to be from NCP, the UK’s largest private parking company, which falsely said she owed £14.99 for a penalty charge after failing to pay a fare at the start of September.
She said she ‘very nearly fell for’ the scam if it hadn’t been for funny characters in the email.
Had she followed the link and attempted to pay, she likely would have also had her bank details compromised, on top of losing nearly £15.
Beverley told This is Money she had received a fake email in the first week of December saying her ‘car tax was overdue’.
‘It looked like a genuine DVLA form’, she said, and she had even filled in the form as far as her bank details before she called her garage to check if the tax was overdue, which it wasn’t.
Another reader, Michelle, was sent an email claiming to be from NCP saying she owed a £14.99 penalty charge due to failing to pay a parking ticket in September, which hadn’t happened
The DVLA had previously told This is Money there had been a 603 per cent rise in scam emails and texts between July and September last year compared to the same three months the year before.
And Tom, a reader from Devon, received a fake email at the start of December from ‘Microsoft’ telling him his account would be disconnected if he did not verify his email address, another way of trying to steal his details.
Microsoft and the UK Government were also impersonated by fraudsters. The fake ‘free payment’ message was a popular choice among scammers in 2020
Bank fraud chiefs urged recipients to be on their guard and avoid clicking on any suspicious links, and instead access a website through typing in a web address known to be legitimate.
Lloyds Bank’s retail fraud director Paul Davis said: ‘Scammers are ready to disappear as soon as they’ve got their hands on your cash, so it’s more important than ever to treat every email, message and call that you’re not expecting with caution.
‘Even if you think you know the sender, don’t reply to a text or email message if it seems odd and never enter your personal information.
‘If you’re not sure, phone the company on a number you trust or visit its website by typing the web address directly into the address bar at the top of your screen.’
And one request for money which was actually legitimate
Sandra Cross, from Mansfield, sent a Christmas present to her cousin in Canada which she had bought from The White Company and was delivered through DPD.
However, she was concerned when she received an email claiming to be from the logistics firm Aramex saying she needed to pay a fee.
Sandra Cross, from Mansfield, was concerned she was the target of fraudsters when she was asked to pay import duties on a present she sent to her cousin in Canada
She was also worried by a post on the company’s website warning about ‘unexpected requests for money in return for delivery of a package’, which it said was often a sign of fraud.
However, after contacting Aramex’s customer services it turned out she had to pay duties after all, due to The White Company’s choice of courier.
She said if the parcel had been sent through Royal Mail there would have been no import duties to pay.
‘I paid them £20 to deliver some shower gel and body lotion not pick a carrier that didn’t operate in Canada who wanted £11 import charges’, a frustrated Sandra told us.
Barclays’ head of fraud, Jim Winters, added: ‘Scammers are using increasingly sophisticated means to get unsuspecting members of the public to divulge their personal information.
‘In this new national lockdown, they will continue to target individuals when they may be feeling more vulnerable than usual, and we all need to stay a step ahead by doing the appropriate research and never giving out our personal information.’
Those who receive suspicious emails can forward them to ‘[email protected]’ and texts to 7726.
Some tips to protect yourself from scams
Barclays offers the following advice:
- Stop and think – check a website is secure before entering any personal or payment information and look out for any unusual requests.
- Never share personal or security information on a site accessed via a link in an email or text message.
- Only access online banking by typing your bank’s web address into your browser or access from your favourites.
- Never share confidential information by email or text – it’s not secure.
- Stop and think when clicking on links or opening attachments in emails or texts you weren’t expecting – if in doubt, delete it.
- Be wary of any phone calls especially after a suspicious email.
- Also watch out for texts, emails or social posts out of the blue which claim to be from your bank, an organisation or another company asking for personal information.
- If you’re unsure, get in touch with the sender using an independently sourced phone number.
- Never call the number in a text, email, message or on an answerphone.
- Remember to add payment purpose when completing a payment with your bank as it helps to identify any suspicious activity.