Case Study – Royal Mail text scam
On Friday, ‘Sally’ received the phishing ‘Royal Mail’ text message, asking for her to pay £2.99 additional postage fee. At the time, Sally was unaware of this scam. She checked the website for information and thought the text message was legitimate. It was Sally’s birthday that weekend and she was expecting a couple of packages to arrive. Sally has paid for additional postage fees before, so didn’t think this message was suspicious and paid the fees. She entered her contact details, date of birth and credit card details on to the duped ‘Royal Mail’ website.
The following week, the criminals used this information to phone Sally. They pretended to be calling from the ‘bank’s fraud team’ and told her about some suspicious activity on her account. They took her through some security questions to cancel her cards before they could issue her a new one. After building up trust, the criminals convinced Sally to transfer her money in to a new account they had set up.
Sally was suspicious and challenged the callers, but they were able to convince her she was speaking to her bank by telling her account balance. They told her to look at the phone number they were calling from. The scammers used number spoofing software to display false caller-ID information to trick Sally into thinking that she was on the phone to her real bank.
The criminals requested Sally to send money into an account they had set up using her details. This made it look like she was sending money to someone she knew. They also made her transfer money in smaller payment amounts so it wouldn’t trigger any security alert on her bank system.
Sally only realised this was a scam when the criminals asked her to transfer her overdraft amount which she didn’t have. They insisted that she did and got her to try. The final transfer didn’t work, which confirmed to her that she had been a victim of crime and she ended the call.
Sally got in touch with her legitimate bank. They managed to cancel her cards and they launched an investigation in to the fraud claim.
Advice:
- A bank or payment card company will never ask you to transfer money out of your account to another that you do not recognise. You should hang up immediately.
- Never provide financial or personal details to a caller. You can call back on a number you know to be authentic. You should call this from a different device or call a friend first to make sure that the scammer is not connected to the phone line. Many scammers will have the ability to spoof numbers to fool you in to thinking they are genuine.
- Advice on how to spot a fake Royal Mail notification Royal mail don’t collect shipping costs by email (or text message), so be aware and stay cautious.
- If you fall victim, you should report this to your bank and report this crime to Police Scotland by calling 101.