The fake emails and texts which targeted Britons over Christmas

Fake texts from fraudsters pretending to be Royal Mail and emails impersonating the likes of Microsoft, UPS and car park operators were among the scams which tried to catch Britons out over the festive period.

This is Money asked for readers’ experiences after we reported how phishing emails which pretended to be from the courier company DPD and Royal Mail were targeting Britons’ inboxes in the run-up to Christmas. 

Of the dozens of responses we received many detailed scams in a similar vein, with recipients told they needed to pay a fee in order to reschedule a missed parcel delivery, causing confusion at a time when people were expecting Christmas deliveries.

One reader, Mark, told us how he was nearly caught out by a text claiming to be from Royal Mail, at a time when he was expecting several deliveries. 

The message, which appeared to come from the same number as other legitimate texts from Royal Mail, asked him to click a link to reschedule a delivery.

Scammers had swapped out the ‘l’ in Royal Mail for an ‘i’, something he only noticed when he copy and pasted the message and changed the font colour. 

‘But for the URL I would have been taken in totally’, he said.

Scammers can use cheap software to make it look as if messages or phone calls have come from the same number as legitimate ones. 

One This is Money reader almost fell victim to a phishing text which claimed to be from Royal Mail. It appeared alongside legitimate texts from the parcel delivery firm

Banks and the taxman frequently see their phone numbers spoofed by scammers, and there were thousands of reports of phishing texts last year as fraudsters sought to cash in on the coronavirus pandemic.

Britons have recently been urged by Trading Standards to beware another phishing scam doing the rounds which claims to come from the NHS. 

It offers recipients the opportunity to apply for the coronavirus vaccine provided they follow the link and provide personal and payment details, which will be harvested by fraudsters.

Vulnerable Britons are being targeted with fraudulent text messages offering them access to coronavirus vaccinations

The website is designed to look like the legitimate NHS one, and was first reported at the end of last month by people living in the Western Islands in Scotland. 

Trading Standards’ Katherine Hart said: ‘The vaccine brings great hope for an end to the pandemic and lockdowns, but some only wish to create even further misery by defrauding others. 

‘The NHS will never ask you for banking details, passwords, or Pin numbers and these should serve as instant red.’

Trading Standards said text messages had been sent out including links to fake NHS websites that asked recipients for bank details, supposedly for verification purposes

Such impersonation messages are often very convincing. Another reader, Helen said a fake email claiming to come from Royal Mail ‘was so convincing’ she actually took it to her local sorting office in Waterlooville, Hampshire, where it was confirmed to be fake.

‘I was nearly fooled and clicked on the link which then asked for bank details’, she said.

The DPD scam duped 35 victims out £103,000 in total in the first week of December, or £2,942 each, according to figures from the fraud reporting service Action Fraud.

But the fraud was not limited to the festive period, with 5,478 reports of suspicious DPD emails forwarded to the Suspicious Email Reporting Service, set up by the National Cyber Security Centre, in November, when England’s second national lockdown saw shops closed.

And parcel delivery firms were not the only ones impersonated by fraudsters over Christmas. 

One reader, Michelle, received an email in mid-December claiming to be from NCP, the UK’s largest private parking company, which falsely said she owed £14.99 for a penalty charge after failing to pay a fare at the start of September.

She said she ‘very nearly fell for’ the scam if it hadn’t been for funny characters in the email. 

Had she followed the link and attempted to pay, she likely would have also had her bank details compromised, on top of losing nearly £15.

Beverley told This is Money she had received a fake email in the first week of December saying her ‘car tax was overdue’. 

‘It looked like a genuine DVLA form’, she said, and she had even filled in the form as far as her bank details before she called her garage to check if the tax was overdue, which it wasn’t.

Another reader, Michelle, was sent an email claiming to be from NCP saying she owed a £14.99 penalty charge due to failing to pay a parking ticket in September, which hadn’t happened 

The DVLA had previously told This is Money there had been a 603 per cent rise in scam emails and texts between July and September last year compared to the same three months the year before.

And Tom, a reader from Devon, received a fake email at the start of December from ‘Microsoft’ telling him his account would be disconnected if he did not verify his email address, another way of trying to steal his details.

Microsoft and the UK Government were also impersonated by fraudsters. The fake ‘free payment’ message was a popular choice among scammers in 2020

Bank fraud chiefs urged recipients to be on their guard and avoid clicking on any suspicious links, and instead access a website through typing in a web address known to be legitimate.

Lloyds Bank’s retail fraud director Paul Davis said: ‘Scammers are ready to disappear as soon as they’ve got their hands on your cash, so it’s more important than ever to treat every email, message and call that you’re not expecting with caution.

‘Even if you think you know the sender, don’t reply to a text or email message if it seems odd and never enter your personal information. 

‘If you’re not sure, phone the company on a number you trust or visit its website by typing the web address directly into the address bar at the top of your screen.’

And one request for money which was actually legitimate

Sandra Cross, from Mansfield, sent a Christmas present to her cousin in Canada which she had bought from The White Company and was delivered through DPD. 

However, she was concerned when she received an email claiming to be from the logistics firm Aramex saying she needed to pay a fee.

Sandra Cross, from Mansfield, was concerned she was the target of fraudsters when she was asked to pay import duties on a present she sent to her cousin in Canada

She was also worried by a post on the company’s website warning about ‘unexpected requests for money in return for delivery of a package’, which it said was often a sign of fraud.

However, after contacting Aramex’s customer services it turned out she had to pay duties after all, due to The White Company’s choice of courier. 

She said if the parcel had been sent through Royal Mail there would have been no import duties to pay.

‘I paid them £20 to deliver some shower gel and body lotion not pick a carrier that didn’t operate in Canada who wanted £11 import charges’, a frustrated Sandra told us.

Barclays’ head of fraud, Jim Winters, added: ‘Scammers are using increasingly sophisticated means to get unsuspecting members of the public to divulge their personal information. 

‘In this new national lockdown, they will continue to target individuals when they may be feeling more vulnerable than usual, and we all need to stay a step ahead by doing the appropriate research and never giving out our personal information.’

Those who receive suspicious emails can forward them to ‘report@phishing.gov.uk’ and texts to 7726.