Scam Alert: Phishing Scams Targeting Royal Mail Customers - Cyber and Fraud Centre

Fraudsters are impersonating the Royal Mail on social media platforms, luring potential victims with cut-price deals on stamps. These scammers create fake websites using Royal Mail branding in an attempt to steal personal and financial information from those who are tricked into believing the promotions and websites are genuine.

How the Scam Works

Scammers will create fake social media profiles or post messages on legitimate platforms that appear to be from Royal Mail. These messages will typically offer discounts on stamps or other Royal Mail products. When unsuspecting customers click on these links, they are taken to a fake Royal Mail website that is designed to look like the real thing.

The fake website will often ask customers to enter their personal information, such as their name, address, and email address. Sometimes, the website may also ask for financial information, such as their credit card number.

An example of a fake Royal Mail website.

Once the scammer has obtained this information, they can use it to steal the victim’s identity or commit financial fraud.

Protect Yourself from Phishing Scams

Be cautious of unsolicited messages, emails, or links.

Do not click on links or attachments in emails or messages from people you don’t know or trust. If you think the message might be legitimate, contact the sender directly through a different channel to verify its authenticity.

Be wary of suspiciously low prices.

If you see an offer for stamps or other Royal Mail products at a price that seems too good to be true, it’s probably not legitimate. Scammers often use unrealistic discounts to lure victims into their trap.

Always visit Royal Mail’s website by typing the URL into your web browser

Never enter your personal information into a website that you don’t trust. Always type the URL of the website directly into your web browser. Don’t follow links from social media or emails.

If you’ve been a victim of phishing

If you have entered your personal information into a phishing website, it’s important to act immediately. Change your passwords for this account, ensuring you don’t use a password that you use elsewhere. You can also sign up for a credit monitoring service such as Experian and advise your bank which can monitor unauthorised or suspicious activity.

If you have sent money and haven’t received any goods, or have had money taken from your account, you can report the fraud to Police Scotland by calling 101.

Remember, if you are ever unsure whether a message is legitimate, it’s always best to err on the side of caution and not click links or provide personal information.

How to identify a phishing scam

Here are some things to look for that may indicate that a website or email is a phishing scam:

There may be poor spelling or grammar in emails or on the website.
The logo or branding may look odd, or the images may be low quality.
The website may ask for more personal information than is necessary.
The website may not use a secure connection (HTTPS).
The email may use urgent or pushy language to pressure you into taking action.
The email may contain attachments or links that could be malware.

If you think you have received a phishing email, do not click on any links or open any attachments. Instead, forward the email to the National Cyber Security Centre’s reporting service at [email protected] and delete it from your inbox.