
Scam of the Week – Royal Mail Phishing Scam

Royal Mail Customers hit with phishing scam

With the countdown to Christmas now well and truly on, fraudsters have launched a new phishing scam disguised as a parcel notification from Royal Mail.

In a bid to catch out unsuspecting consumers, the crooks are sending out text messages that appear to come from Royal Mail. The message informs the recipient that they have a parcel ready for collection but will need to pay £2.99 to pick it up.

If the user clicks on the link, they are directed to a legitimate-looking website with the address of

To the untrained eye, the site looks like a standard Royal Mail tracking page. To add even more credibility, the fraudsters have included the company’s official logo as well as an advert for the Royal Mail app.

Image: Royal Mail Phishing Scam

The user is then prompted to enter their personal details, including their full name, card details, address and date of birth. Once this information is submitted, the scam is complete, and the fraudsters can then use the information to commit fraud or empty the victim’s bank account.

Royal Mail advised customers on how they should deal with a suspicious text or email: “There are scams that we’re aware of that look like they’re sent by Royal Mail but are in fact fraud or phishing scams. Please don’t click on any of the links in these emails and be vigilant if you receive communication that you aren’t sure about. If you receive a suspicious email or discover a Royal Mail branded website which you think is fraudulent, please let us know by contacting us here:

The most popular type of seasonal phishing attack is often linked to logistics. The criminals know that as Christmas approaches, people are sending lots of packages to friends or families or expecting the delivery of parcels themselves. This makes it the ideal time to launch their devious scams.

To reduce your chance of falling for a seasonal phishing scam, you should follow the guidelines below:

  • Never click on links or download attachments from unknown sources.
  • Pay close attention to the spelling of an email address; if there are any inconsistencies, delete the message.
  • If the text or email is threatening or urgent in tone, do not respond. This is a common tactic used to pressurise the victim into taking immediate action.
  • Legitimate companies will address their customers by their first name. If the text or email begins with ‘Dear Customer’ or ‘Attention customer’ – your suspicions should be raised.
  • Ignore and delete emails with poor grammar and spelling.
  • Use strong passwords to reduce the chance of your devices being hacked.
  • Install the latest anti-virus software on your device and make sure it’s regularly updated.
  • Enable a spam filter on your email account.
  • Beware of email offers – If an offer seems too good to be true, it usually is!
  • Be careful what you post online.
  • Check for the company’s contact details – phishing texts or emails tend to remain vague or have no contact details listed at all.
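
For teams that triage texts and emails reported by staff, several of the indicators above can be checked automatically. The following is an added example, not code from Royal Mail or MetaCompliance: it assumes royalmail.com is the only genuine domain, the keyword patterns are illustrative, and the sample messages and `.example` hosts are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: royalmail.com and its subdomains are the only hosts treated as genuine.
OFFICIAL_DOMAINS = ("royalmail.com",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
BRAND_RE = re.compile(r"royal\s*mail", re.I)
FEE_RE = re.compile(r"£\s?\d+(?:\.\d{2})?")
GREETING_RE = re.compile(r"\b(?:dear|attention)\s+customer\b", re.I)
URGENCY_RE = re.compile(r"\b(?:urgent|immediately|final notice|within \d+ hours?)\b", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_official(host):
    # Match on a dot boundary: a substring test would accept
    # 'royalmail.com.parcel-fee.example' and 'notroyalmail.com'.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(message):
    """Return the indicators from the article that appear in one text or email body."""
    hits = []
    hosts = [h for h in map(host_of, URL_RE.findall(message)) if h]
    foreign = [h for h in hosts if not is_official(h)]
    if BRAND_RE.search(message) and foreign:
        hits.append("brand-link-mismatch")   # claims Royal Mail, links elsewhere
    if any(BRAND_RE.search(h.replace("-", "")) for h in foreign):
        hits.append("lookalike-host")        # brand name embedded in a foreign host
    if FEE_RE.search(message) and foreign:
        hits.append("fee-with-link")         # small payment demanded via that link
    if GREETING_RE.search(message):
        hits.append("generic-greeting")      # 'Dear Customer' / 'Attention customer'
    if URGENCY_RE.search(message):
        hits.append("urgent-tone")
    return hits

# Constructed sample messages; the .example hosts are placeholders, not real indicators.
SAMPLES = {
    "lure": "Royal Mail: your parcel is ready for collection. Pay £2.99 to pick it up: "
            "https://royalmail.com.parcel-fee.example/pay",
    "genuine": "Royal Mail: your item is due today. Track it at https://www.royalmail.com/",
    "generic": "Dear Customer, your account will be suspended immediately unless you reply.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, triage(text))
```

A message with no hits is not thereby safe; the output is a prioritisation aid for a human reviewer.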

Despite the increasing sophistication of phishing attacks, there are a number of ways you can protect yourself online. MetaPhish has been designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime. Get in touch for further information on how we can help your business.
