Post Office scams aren’t anything new but this latest message arriving on phones is one of the most elaborate yet. iPhone and Android users are being targeted by the new threat via a simple text message which says, “Post Office: Your parcel has been redirected to your local branch due to an unpaid shipping fee.” This is followed by a clickable link that uses the post office address to make it appear like the real deal.
Of course, we’ve all seen these messages arrive in our inbox before but where this one is so clever is that the website embedded in the link takes you to something that looks so real it’s easy to be duped.
To see just how simple it is to be fooled, Express.co.uk visited the website and, using a fake name and address, we went through each step of the scam to see exactly what data the thieves are trying to gain from unsuspecting Post Office customers.
Right from the start, the whole scam looks totally genuine with the official Post Office logo appearing, slick animations popping up and even the font looking just like the real thing.
The first Window you’ll see features a very simple message asking for your postcode to check for the missed delivery.
Once you’ve handed over that information you’ll then be asked for your name and the full delivery address.
At this point, Express.co.uk added a completely fictional name and address and, guess what? The system revealed that a parcel had been found and was waiting to be delivered.
And here’s where things get serious as the next piece of the form starts asking some very personal questions including date of birth and mobile number.
Once that data is added, users are then asked to select a date for redelivery which, again, all looks incredibly genuine.
Finally, you’ll see a page asking for a charge of £2.39 to be paid to receive the parcel and a form wanting full banking details to be added including a card number, CVV security code, account number and sort code.
Anyone falling for this trick will have then, unwittingly, handed over everything a cyber criminal needs to make fraudulent purchases. It’s scary stuff.
The Post Office says that anyone receiving a suspicious email, text message, telephone call or discover a Royal Mail branded website which they think is fraudulent, should report it to [email protected]
If you have been the victim of a payment scam, you can get a crime reference number by reporting it to your local Police station.
And if you have clicked on a link, provided any personal data like your bank account details on a website or over the phone or you’re concerned that you’ve been compromised, you should also report the scam to Action FraudOpens in a new window, the national fraud reporting centre.
This post originally posted here Daily Express :: Tech