Spammers have been sending out emails purporting to be from Royal Mail to try and trick victims into downloading malware.
The emails have been identified by MX Lab, and confirmed as fakes by Royal Mail who have received thousands of calls and emails about them. They have been sent from a spoofed address called “Royal Mail Group”.
Example scam email
Mail – Lost / Missing package – UK Customs and Border Protection
Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.
Please fulfil the documents attached.
If you receive one of these emails you should delete it immediately, report it to us and don't download the attached zip file. The type of malware the zip file contains can steal information from your internet browser, change your firewall settings, and modify your Windows registry according to MX Lab.
Fraudsters are opportunistic and know that during the Christmas period many of us are waiting for deliveries and parcels – if you are waiting for a delivery from Royal Mail and it is late you should contact them directly.
Advice from Royal Mail
- Royal Mail will never send an email asking for credit card numbers or other personal or confidential information.
- Royal Mail will never ask customers to enter information on a page that isn’t part of the Royal Mail website.
- Royal Mail will never include attachments unless the email was solicited by customer e.g. customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.
- Royal Mail have also stressed that they do not receive a person’s email address as part of any home shopping experience.
The Royal Mail have notified the National Fraud Intelligence Bureau, which is responsible for collating information on such incidents and wherever possible disrupting the activity of fraudsters.
For further information please visit the MX Lab website.
Please note that Action Fraud is not responsible for the content of external websites.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.