Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming:
> Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:
>
> Uk(dot)royalmail-bill(dot)com
Lots of folks may assume this text message is genuine, along with the URL. This would be a mistake. What we have is a simple but effective phish. It takes advantage of several real-world factors to ensure it's possibly a bit more believable than other missives landing in mailboxes.
What are they up to? Let's find out.
The link leads to a fake Royal Mail page which as good as repeats the message from the text, with one important addition:
> If you do not pay this your package will be returned to sender
It doesn't mention how long is left until the package is returned. (There's nothing like a bit of sudden pressure to make people jump through some hoops.)
The phishing page has two sections. The first asks for a lot of personal details like name, address, phone number, and email address. Clicking the continue button leads to a request for payment information, in order to pay the non-existent fee.
If the victim continues, the phisher has both their personal information and their credit card.
This is a smart scam, for a number of reasons.
If you or anyone you know has been caught by this, contacting banks or credit card companies is a priority. This would also be a good time to explore our in-depth look at phishing tactics. It's a particularly unpleasant scam to be caught out by, when a majority of people are reliant on postal services. If you're in doubt over the status of a parcel, go directly to your delivery service's website. What you'll lose in time, you'll more than make back in terms of your bank account remaining safe and sound.
The post Royal Mail scam says your parcel is waiting for delivery appeared first on Malwarebytes Labs.