Post Office scams aren’t anything new but this latest message arriving on phones is one of the most elaborate yet. iPhone and Android users are being targeted by the new threat via a simple text message which says, “Post Office: Your parcel has been redirected to your local branch due to an unpaid shipping fee.” This is followed by a clickable link that uses the post office address to make it appear like the real deal.
Of course, we’ve all seen these messages arrive in our inbox before but where this one is so clever is that the website embedded in the link takes you to something that looks so real it’s easy to be duped.
To see just how simple it is to be fooled, Express.co.uk visited the website and, using a fake name and address, we went through each step of the scam to see exactly what data the thieves are trying to gain from unsuspecting Post Office customers.
Right from the start, the whole scam looks totally genuine with the official Post Office logo appearing, slick animations popping up and even the font looking just like the real thing.
The first Window you’ll see features a very simple message asking for your postcode to check for the missed delivery.
Once you’ve handed over that information you’ll then be asked for your name and the full delivery address.
At this point, Express.co.uk added a completely fictional name and address and, guess what? The system revealed that a parcel had been found and was waiting to be delivered.
And here’s where things get serious as the next piece of the form starts asking some very personal questions including date of birth and mobile number.
Once that data is added, users are then asked to select a date for redelivery which, again, all looks incredibly genuine.
Finally, you’ll see a page asking for a charge of £2.39 to be paid to receive the parcel and a form wanting full banking details to be added including a card number, CVV security code, account number and sort code.
Anyone falling for this trick will have then, unwittingly, handed over everything a cyber criminal needs to make fraudulent purchases. It’s scary stuff.
The Post Office says that anyone receiving a suspicious email, text message, telephone call or discover a Royal Mail branded website which they think is fraudulent, should report it to [email protected]
If you have been the victim of a payment scam, you can get a crime reference number by reporting it to your local Police station.
And if you have clicked on a link, provided any personal data like your bank account details on a website or over the phone or you’re concerned that you’ve been compromised, you should also report the scam to Action FraudOpens in a new window, the national fraud reporting centre.
People across the UK should be on the lookout for a new text scam. A number of people have received messages telling them that they have missed a call and now have a voicemail waiting for them. The text also includes a link, supposedly to play the recorded message.
However, the link sends users to a website designed to steal sensitive personal information, like credit or debit card numbers, emails or passwords. Hackers can then use this data to break into online accounts, or to attempt another scam – by pretending to be your bank. Scam artists can use some of the details you’ve provided to them, like a credit card number, to trick you into thinking it’s a legitimate call from your bank and providing them with the last missing parts of the information – like the CVV number on the back of the card, or the answer to a security question to access your online accounts.
The spate of messages claiming that “you have received a new voicemail” are part of an ongoing flood of text scams plaguing the UK. The pandemic has forced millions of us to work from home and change our habits. It has pushed more people to rely on web services, such as online banking apps, online supermarket shops, and more. That has created a greater opportunity for scam artists.
And they’ve seized that opportunity with both hands.
MORE LIKE THIS Make sure everyone you know is aware of this NHS COVID-19 text scam
Mobile networks EE, Three and Vodafone all warned customers about the flood of fraud texts. Text messages designed to look like a missed delivery notification complete with a link to reschedule the parcel were sent to thousands across the UK. With a quick skim-read, it can be easy to fall for these scams. We’ve all ordered something online and then promptly forgotten about it.
And if there are delays with stock or slow shipping, it can be easy to forget when an order is due. Not only that, but if you need to leave the house to collect kids from school or grab some shopping, you’ll want to know exactly when that doorbell is going to ring. These text messages prey on our forgetfulness to trick us into following the link.
Other versions of these scams don’t mention tracking with the link, but instead, push users to click the URL to settle unpaid postage on the package.
Between June 2020 and January 2021 alone, Action Fraud – the UK’s national reporting centre for fraud and cyber crime – received 2,867 crime reports mentioning delivery firm DPD. Similar scams involving Royal Mail, Hermes, and other courier brands have also circulated in the same timeframe.
This concerning trend is known as smishing – a portmanteau of scam messaging.
The Money Advice Service warns that “smishing can be difficult to spot, particularly if it’s someone who would normally contact you by text. But, like email scams, there are some tell-tale signs. For example, there might be spelling mistakes or the text just addresses you as Sir or Madam. Real messages from these companies will usually address you by your full name.
“You can also look at the phone number it’s been sent from. First, it won’t be the same as the one on your bank card. Second, it might be sent from an overseas number. Fraudsters won’t just pretend to be your bank. Sometimes they’ll claim to be from an online account such as PayPal, or a service you subscribe to, such as Netflix. Fake text message scams have also been reported targeting customers of government organisations such as HMRC and the DVLA.”
The Money Advice Service, which is the largest single funder of debt advice nationwide, warns anyone who is suspicious of these messages to avoid clicking on any links found in the text. If in doubt, go directly to the website and login as normal – navigating to the Hermes website separately and inputting the order number from the text will soon rumble it as a fake. And since you didn’t follow the link from the text message, you can be sure you’re on the genuine website and your bank details are safe, for example.
If it’s already too late and you’ve fallen for one of these growing number of text messages, you need to act fast. First up, report the scam to Action Fraud by calling 0300 123 2040. If you’ve entered your payment details into a website or online form that you believe was set-up by hackers, you should contact your bank to flag the mistake. This ensures they will be on high alert for any potential fraud.
It also means they can provide you with a new card if they believe the details are already compromised.
Santander is used by millions of savers, but unfortunately, this gives a wide range of people for cybercriminals to target. While people may have come across scams in the past, it appears fraudsters are stepping up their efforts during the pandemic to prey on uncertainties. A particularly challenging issue at present has arisen with Britons receiving a barrage of text messages which claim to be from Santander.
People have been asked to press a key in order to retrieve a message from their bank, but are told to hold the line.
This could be a way for scammers to connect individuals to a premium rate phone line and drain their money this way, rather than through a phishing effort.
As a result, individuals are always encouraged to be on the lookout, and with scammers deploying a wide range of techniques, protecting oneself is key.
Britons are always urged to delete any unexpected text messages they receive, particularly those with links.
They should always check where a message comes from, for example the domain name of an email, which may be false.
When thinking about phone calls, these should also be disconnected promptly.
A person can also contact their bank by independently looking up contact details to confirm correspondence is legitimate.
A number of people shared their close brushes with scams which claim to be from Santander.
One said: “I got a scam one from ‘Santander’. No point in telling them the phone number it came from, as they rotate these.
“I feel the phone provider should be responsible as they must be seeing these texts being sent in bulk across their network.”
Another wrote: “I get loads daily from ‘Santander’ and ‘HSBC’ and I don’t even have an account with them so know it’s a scam. Common sense should prevail. Most people just delete this.”
And a third stated: “So many scam calls texts and emails at the moment.
“Email purportedly from Santander warning me to improve my online security to avoid scammers! I don’t have these accounts so easy to spot, but very convincing. Never click the link.”
The founder of Money Saving Expert, Martin Lewis, recently tweeted about the issue of scams, following being targeted himself by a text claiming to be from HSBC.
The financial journalist was quick to point out he did not have an HSBC account, but called for further action to be taken on the matter.
He said: “If only we’d proper regulation and place funded to deal with UK’s biggest crime, which hits financial and mental health.
“Rather than it effectively being an unpunished free for all.”
Forget the Age of Aquarius (what do you mean, you already did?) — this is the age of the roguelike deckbuilder. If you’re into cards, procedural generation, dungeon crawling and turn-based combat, then buddy, you’ve come to the right review, because Rise of the Slime is all of those things.
Yes, if you’ve enjoyed the likes of Slay the Spire, Dicey Dungeons, Hand of Fate, Thronebreaker, and Nowhere Prophet, then it’s time to add Rise of the Slime to your deckbuilder bucket list. Made by a solo Latvian developer, it’s centred around the story of one underdog (underslime?) who’s trying to, erm, go… somewhere? Or be the King? Something to do with a crown?? Honestly, story seems pretty light in this one, but we’re not playing deckbuilders for plot, right?
Rise of the Slime ticks a lot of the deckbuilder and roguelite boxes: moving from room to room, defeating varied parties of enemies with different strengths and weaknesses, winning cards to bulk up your deck, and occasionally finding “mutations” that will add buffs or conditions to your run. And, for the most part, the selection of cards, playstyles, mutations, and enemies will keep the game ticking along quite nicely indeed.
At the beginning of each run, you can choose to spec into poison, fire, or just straight daggers-and-shields, much like Slay the Spire, and each of these classes will offer unique cards to pick up as you go. However, you can seemingly get cards from any class no matter what you choose at the beginning, so you can also mix-and-match as you see fit.
A vital part of the deckbuilder oeuvre is being able to strategise, and that means being able to check out stats, read the details on a card, or have a quick explainer to tell you what it means for an enemy to be Hasted. Rise of the Slime pulls from a lot of other, similar games with the way its cards and combat work — no shame there, there’s no need to reinvent a very good wheel — but it doesn’t seem to be optimised for the Switch.
The most egregious example of the ways Rise of the Slime doesn’t quite suit the platform is the teeeeeny tiny text. At least when playing on handheld mode — which is ideal for short bursts of play, if we didn’t have to put our faces an inch away from the screen — the text is the most minuscule font size possible. There are plenty of other tiny text offenders on Switch, but if this print were any smaller, it would only be readable by lawyers. It’s better on the big screen, but even then, there’s a lot of white-text-on-light-grey-background, and use of typefaces that aren’t always easy to read.
And there’s a lot of text in this game. Every single card, plus the enemy’s information, and even a lot of the menu options is presented in this itty-bitty writing, like you’ve accidentally selected “Optometrist Mode” at the beginning. Our second nitpick makes it a little worse, too, because Rise of the Slime is quite clearly intended to be played on the touchscreen — which means your big ol’ sausage finger getting in the way as you try to read the tiny text is just another obstacle to contend with.
Now, we tried to play Rise of the Slime with a controller, but the game kept switching arbitrarily between control stick and D-pad for movement and selection, and every card needed to be selected, targeted, and selected again, even the “End Turn” one. Also, a few of the controls — like looking at an enemy’s stats, or opening a card pack — were hard to figure out. It was annoying, to say the least, and the touchscreen controls were much more accessible and easy to use.
But the Switch touchscreen is fickle, and we’d often find ourselves touching a card to read it, only to accidentally play it and waste our limited energy resource. Similarly, the movement mechanic means that you can only move two spaces at once, and there’s no way to undo it if you accidentally tap the wrong place. Which you will. A lot.
Aside from some sticky, fiddly controls and the tiddly text, Rise of the Slime gets it pretty spot-on. The metagame of which cards you want in your deck is almost as compelling as it is in Slay the Spire, albeit more limited; plus, we had quite a few battles where we managed to scrape a success with some sneaky strategy, which is always fun. There’s no permanence in the game; some roguelites will let you use currency to upgrade yourself permanently, like Hades‘ Mirror mechanic, but Rise of the Slime starts you from zero each time. In that way this has more or a traditional roguelike flavour, but that doesn’t necessarily mean you’ll like it.
The art is quite nice, and has a lovely layered depth to it, with a few charming details like the Slime whistling a little tune as he walks, and all the characters being cardboard cutouts on sticks. The writing is serviceable enough, though quite a few typos might grate on you if you’re the kind of person who doesn’t like to see spelling errors in a finished game. But there are still some balance issues, and some downright glaring faults, too, like when we spent all our money on upgrades for the next run, only to find that it didn’t take for some reason, and we’d just lost 4000 gold for nothing. The developer has promised updates and support, so this might be fixed at some point, but for us, it’s too late.
It’s worth knowing that Rise of the Slime is a pretty short game — we completed a run after just a couple of hours, and it seems like the idea is to do the run again, but with harder enemies, or change between “Challenge” mode (a continuous run with a difficulty curve), “Short Run” (a more casual, quick run that’s a little easier), or “Old Path” (which says it’s longer, but easier).
So, sure, Rise of the Slime won’t knock your deckbuilder socks off. It’s no Slay the Spire, but it’s not exactly trying to be — it seems to want to offer a more casual, cuter, bitesize version of the popular rogue-builder-deck-like genre. Diet Slay the Spire, if you will. It’s a shame it doesn’t play so well in handheld mode, unless you really like using a combination of touchscreen, controls, and slowly losing your eyesight, but for an evening of lighthearted, low-stakes dungeoneering, it’s a pretty nice snack.
Ex-Arsenal shot-stopper Jen Lehmann has been sacked from Bundesliga side Hertha Berlin’s supervisory board after reports emerged that he referred to television pundit Dennis Aogo as a “token black guy” in a WhatsApp message.
Lehmann, 51, who represented the club between 2003 and 2008 and was sent off during the 2006 Champions League Final against Barcelona, has apologized to former pro Aogo after apparently sending the offensive message to him in error.
Aogo, who works as a pundit for Sky, posted a screenshot of the text message to his social media profile, saying: “Wow, you’re serious? The message was probably not for me.”
Lehmann attempted to clarify his intentions online, describing Aogo as “very knowledgeable” and someone who had helped increase the “quota“.
Jens Lehmann has been sacked from the Hertha Berlin board after accidentally sending a message to Sky Sport pundit Dennis Aogo: “Is Dennis actually your quotenschwarzer (token black guy)?”Aogo on Instagram: “Wow, are you serious? This message was probably not meant for me.” pic.twitter.com/CLUMckFTBC
Lehmann’s hasty apology appears to have done little to appease bosses at Hertha Berlin – the club where he works in an advisory role after he began his playing career there in 1987 – after they issued a statement to say that he has been abruptly relieved of his duties.
“Jens Lehmann’s contract will be terminated with immediate effect. This also means that his mandate on the supervisory board will no longer apply,” they told German publication Die Welt.
“We personally regret this but [the remarks are] not compatible with the principles of Tennor and [investor] Lars Windhorst, especially against the background that we have many people of color as employees.”
Werner Gegenbauer, the president of the relegation threatened Bundesliga side, also hit out at Lehmann’s comments and said that they do not reflect the culture within the club.
ℹ️ Club president Werner #Gegenbauer on #Lehmann: “Such statements are in no way representative of the values that Hertha BSC stands for. We distance ourselves from all forms of racism and welcome the action taken by TENNOR Holding.” pic.twitter.com/1fG5XxC7H4
“Such statements in no way correspond to the values that Hertha Berlin stands for and actively advocates. Hertha BSC distances itself from any form of racism,” he said.
Lehmann’s comments couldn’t have been more ill-timed, coming less than a month after the club sacked goalkeeping coach Zsolt Petry after he made comments which were perceived to be anti-gay and racist.
In those comments, Petry castigated fellow Hungarian and RB Leipzig goalkeeper Peter Gulacsi, who he claimed “supported homosexuals, transvestites and people of other sexual identity”, adding that he could “not understand how Europe could morally sink that low as it has now.
“The liberals blow up their opinions. If you don’t like migration because many criminals overrun Europe, then they accuse you of being racist.”
After his sacking, Petry announced that he “deeply regretted” his comments.
Sky has warned its customers to be on the lookout for a dangerous scam being sent via text message. Anyone who receives the scam message, which claims to be from DHL and provides a quick link to track an upcoming delivery, should block the number, send a report to Sky’s fraud squad, and then delete the text for good.
The warning was shared via the @SkyHelpTeam account on Twitter, which is used to share information with Sky Mobile, Sky Broadband and Sky Q customers who have encountered trouble. It states: “We’re aware of a new scam involving fake text/SMS messages”. The tweet includes a link to detailed blog post about scams targeted at Sky Mobile customers, which adds: “Don’t follow the links in any suspicious text messages; Report suspicious texts by forwarding them to 7726; Block the number and delete the text.”
This scam message promises details on an online order out for delivery with DHL – but when phone owners click on the link to get the delivery information, they’re taken to a spam website that tries to download malware to their device. If you use an iPhone, the malware isn’t able to infect your device, so there’s no risk visiting the website. That’s because Apple doesn’t allow users to install apps from the web – with only the App Store able to install new software. However, if you’re using an Android smartphone or tablet and click on the link – you will kickstart a download of FluBot.
The ability to download apps using files known as APKs is something that leads many people to pick Android over iPhone. It means you’re not restricted to a single App Store and can download software that customises the operating systems in ways that Google or Apple might not allow. However, downloading from outside of the Google Play Store or App Store carries some risks.
FluBot is spyware, which steals passwords and other sensitive data from your smartphone. Given how much personal information we keep on our smartphones, from banking apps to credit card numbers, text messages to friends and teased family photos – you really don’t want any malicious software digging through your files.
Worse still, if your Android device is infected, FluBot will raid your contact details to send out more fake DHL, Hermes or other delivery scams to try to keep spreading the spyware.
If you’re reading this a little too late and already clicked on the link – it’s easy enough to do, especially if you’ve been shopping in the sales online and have lost track of which couriers will be handling your orders – the team at Sky Mobile has some advice about your next steps. In its blog, it warns: “If you’ve already followed a link and given any details and/or agreed to download anything, your phone might be infected with malware.
“The mobile industry recommends you factory reset your device to remove it. After that, avoid restoring from any back-ups you created after the phone was infected to ensure any malware is completely removed. Android users should avoid downloading third-party apps from unknown sources via Settings and ensure the Google Play Protect function is on. If you gave any bank details or used banking apps on your phone, we also recommend informing your bank.”
This concerning trend is known as smishing – a portmanteau of scam messaging.
The Money Advice Service warns that “smishing can be difficult to spot, particularly if it’s someone who would normally contact you by text. But, like email scams, there are some tell-tale signs. For example, there might be spelling mistakes or the text just addresses you as Sir or Madam. Real messages from these companies will usually address you by your full name.
“You can also look at the phone number it’s been sent from. First, it won’t be the same as the one on your bank card. Second, it might be sent from an overseas number. Fraudsters won’t just pretend to be your bank. Sometimes they’ll claim to be from an online account such as PayPal, or a service you subscribe to, such as Netflix. Fake text message scams have also been reported targeting customers of government organisations such as HMRC and the DVLA.”
The Money Advice Service, which is the largest single funder of debt advice nationwide, warns anyone who is suspicious of these messages to avoid clicking on any links found in the text. If in doubt, go directly to the website and login as normal – navigating to the DHL order tracking webpage of your own volition and inputting the order number from the text will soon rumble it as a fake.
It states suspicious looking messages should be approached with caution.
Customers should not click on links sent in text messages as these are often fraudulent.
“Scam mail can take the form of fake lotteries and prize draws, get-rich-quick schemes, bogus health cures, investment scams and pyramid schemes,” it states on its website.
“Sometimes these can be sent to you if a scammer has got hold of your contact details fraudulently.
Online shopping has exploded in popularity following the months of lockdown measures across the UK and chances are, you’re becoming pretty familiar with your Postie or local Amazon delivery driver. But while it can be sometimes difficult to keep tabs on when you’re expecting your next delivery – cyber crooks are banking on that to trick you into opening fake messages. Days after mobile networks Vodafone, Three and EE warned customers about a fraudulent text message that claimed to be from DHL, similar scams referencing DHL, Hermes, the Post Office and other firms are back trying to replicate the success of the fake delivery scam.
It’s easy to see why. With a quick skim-read, it can be easy to fall for these scams. We’ve all ordered something online and then promptly forgotten about it. And if there are delays with stock or slow shipping, it can be easy to forget when an order is due. Not only that, but if you need to leave the house to collect kids from school or grab some shopping, you’ll want to know exactly when that doorbell is going to ring.
These text messages prey on our forgetfulness to trick us into following the link.
The latest scam text message tells phone owners click on the link to check when they can expect their order to be delivered.
“Wondering where your order 4017628719 is? Your expected delivery date is 29/04” it then includes a link to a website which it claims is used to track the progress of the parcel. Unfortunately, that’s not what the link does. Instead, it sends you to a scam website designed to trick you into handing over your personal information directly to the cyber crooks.
Another scam message, received by a number of people nationwide earlier this week, claimed to be from delivery firm Hermes. Again, the fraudulent text message is designed to trick people into believing they’ve missed a delivery. It reads “Hermes: We attempted to deliver your parcel today and was unsuccessful, to reschedule delivery please follow the link.” Clicking on the link takes the phone owner to a fake website where they’re told they need to enter their bank details to pay the £1.45 redelivery charge.
This concerning trend is known as smishing – a portmanteau of scam messaging.
The Money Advice Service warns that “smishing can be difficult to spot, particularly if it’s someone who would normally contact you by text. But, like email scams, there are some tell-tale signs. For example, there might be spelling mistakes or the text just addresses you as Sir or Madam. Real messages from these companies will usually address you by your full name.
“You can also look at the phone number it’s been sent from. First, it won’t be the same as the one on your bank card. Second, it might be sent from an overseas number. Fraudsters won’t just pretend to be your bank. Sometimes they’ll claim to be from an online account such as PayPal, or a service you subscribe to, such as Netflix. Fake text message scams have also been reported targeting customers of government organisations such as HMRC and the DVLA.”
The Money Advice Service, which is the largest single funder of debt advice nationwide, warns anyone who is suspicious of these messages to avoid clicking on any links found in the text. If in doubt, go directly to the website and login as normal – navigating to the Hermes website separately and inputting the order number from the text will soon rumble it as a fake. And since you didn’t follow the link from the text message, you can be sure you’re on the genuine website and your bank details are safe, for example.
If it’s already too late and you’ve fallen for one of these growing number of text messages, you need to act fast. First up, report the scam to Action Fraud by calling 0300 123 2040. If you’ve entered your payment details into a website or online form that you believe was set-up by hackers, you should contact your bank to flag the mistake. This ensures they will be on high alert for any potential fraud.
It also means they can provide you with a new card if they believe the details are already compromised.
Lloyds Bank customers have unfortunately been targeted by scams in the past, but sadly cybercriminals are continuing to change their messages to attack Britons. The latest scam once again centres around text message, as more and more people become used to using their phones to manage their finances. The text reads: “LLOYDS-SECURITY: You have successfully scheduled a payment of £69.99 to payee MR ADAMS 28/04. If this was NOT you, visit: https://payee-confirmationcentre.com.”
Neither will they ask Britons for a PIN code, card expiry date, or Personal Security Number.
Individuals who are asked to move their money or transfer funds by someone claiming to be from Lloyds Bank can be assured this correspondence is a scam.
People who come into contact with a scam text message are strongly encouraged never to click the link and delete the message upon receipt.
This is the best way to protect oneself and keep a guard up against dangerous cybercriminals looking to take advantage.
A number of individuals shared similar warnings, explaining their close encounters with the scam text claiming to be from Lloyds Bank, via social media.
One person said: “You may want to warn your customers of this scam. An old person or someone in a panic could fall for this.”
A second penned: “Received this text from someone pretending to be from Lloyds Bank. Heads up not to click on the link as it is clearly a scam.”
While a third person remarked: “To the scammer, nice try in their pathetic attempt to scam me through text message.
“One advantage of online banking is that you can check to see whether it is true.”
The National Cyber Security Centre, which provides help and support to help keep Britons safe, has issued guidance to those who receive a scam text.
The Government organisation has said any suspicious text messages should be forwarded to the number ‘7726’.
The short code is free of charge and allows a person’s mobile phone provider to investigate the text’s origin, as well as taking action on the matter.
For those who have already responded, action must be taken fast, but the NCSC has also provided next steps.
Those who think they may have been tricked into providing their bank account details will need to contact their bank and let them know immediately.
If an individual has lost money, they should also tell their bank, but report it as a crime to Action Fraud – for England, Wales and Northern Ireland – or Police Scotland.
The NCSC website reads: “By doing this, you’ll be helping the battle against criminal activity, and in the process prevent others becoming victims of cybercrime.”
The UK’s National Cyber Security Centre has also issued a similar warning on its website saying that it is aware that a malicious piece of spyware – known as FluBot – is affecting devices across the UK.
“The spyware is installed when a victim receives a text message, asking them to install a tracking app due to a ‘missed package delivery’. The tracking app is in fact spyware that steals passwords and other sensitive data. It will also access contact details and send out additional text messages – further spreading the spyware,” the post explains.
It’s worth noting that this threat only works on Android devices and Apple’s iPhone is not currently at risk. This is due to the way the malware is downloaded and installed via something called an APK.
Unlike Apple, who only allows apps to be installed via its official App Store, Android is a much more open platform with users able to add extra software to their devices away from the Google Play Store.
