Postal fraud is nothing new, but this latest message arriving on phones is one of the most elaborate yet. iPhone and Android users will be attacked by the new threat via a simple text message that says, “Post Office: Your package was forwarded to your local branch due to an unpaid shipping fee.” This is followed by a clickable link that uses the mailing address to make it look like the real deal.
Of course, we’ve all seen these messages in our inboxes before, but this message is so clever that the website embedded in the link will lead you to something that looks so real that it can be easily fooled.
To see how easy it is to be fooled, Express.co.uk visited the website and, using a fake name and address, went through each step of the scam to see exactly what data the thieves were getting from the Office customers try to obtain unsuspecting mail.
From the start, the whole scam looks absolutely real as the official Post Office logo appears, fancy animations pop up, and even the font looks like the originals.
The first window you see has a very simple message asking for your zip code to check for the missed delivery.
After providing this information, you will be asked for your name and full delivery address.
At this point, Express.co.uk added a completely fictional name and address and you know what? The system showed that a package was found and was waiting to be delivered.
And this is where things get serious because the next part of the form asks some very personal questions, including date of birth and cell phone number.
Once that dates are added, users will be prompted to choose a re-delivery date which again looks incredibly real.
Finally, you will see a page asking you to pay a fee of £ 2.39 to receive the package and a form that requires full banking information including card number, CVV security code, account number and routing number.
Anyone who falls for this trick has unwittingly handed over everything a cybercriminal would need to make fraudulent purchases. It’s scary stuff.
The Post says anyone who receives a suspicious email, text message, phone call, or spots a Royal Mail branded website that they believe is fraudulent should report it to email@example.com.
If you have been a victim of payment fraud, a crime reference number can be obtained by reporting it to your local police station.
And if you’ve clicked a link, provided personal information such as your bank account details on a website or over the phone, or fear you’ve been compromised, you should also report the scam in a new window to Action FraudOpens, the national fraud reporting center.