A new delivery scam impersonating the UK Post Office has been discovered and it uses very convincing clone websites. Previous related scams have used Royal Mail, DPD and Hermes company branding as cover but the Post Office us used by millions of people every day so the scale of fraud is potentially much larger.

Fake messages arrive on a phone claiming that a parcel delivery has failed. Recipients are advised to click the link to ‘book a new date’ or ‘reschedule a delivery’ via two sites that have nothing to do with the Post Office.

Clicking the links takes you to extremely convincing Post Office clones websites. The first step of the scam is to invite you to enter your postcode before asking for your full name, delivery address, email address, date of birth and mobile number. This information is then fed directly to scammers who could use it for identity fraud.

Following this victims are asked to pick a new delivery date and hand over you’re their card details to cover the ‘redelivery charge’ of £1.10. The scammers can then attempt to steal money directly from a victim’s account.

Cleverly, the scammers even say the redelivery request has been ‘processed successfully,’ confirming the new date and asking the victim to press ‘exit.’ This redirects the person to the official Post Office website, making the scam even more plausible.

With a lot of these cases, the websites are only live for a matter of days mainly because once people start reporting a web URL the site becomes untrustworthy. Web browsers will also start flagging whether a site could be a phishing site and start blocking attempts for people to access them.

When this happens the sites are then usually taken down quickly. However, once one site is taken down, another appears.

What to do if you’ve been scammed
  • If you give your financial data away to a scammer, you should tell your bank in the first instance. Many banks let you cancel your cards via the mobile app so do this immediately if you can.
  • Keep a close eye on your bank statements and credit report.
  • Banks must refund unauthorised transactions by the end of the next business day, unless it has grounds to believe you authorised the payment or acted fraudulently.