Fake Royal Mail page detected

These two screenshots show a phishing campaign impersonating Royal Mail, targeting users in the United Kingdom. The scam uses a fake delivery issue and a small redelivery fee to steal full credit card details.


Threat Analysis: Royal Mail Phishing – Fake Redelivery Fee & Card Harvesting

Step 1 – Fake Tracking Page (First Screenshot)
The victim lands on a page that mimics Royal Mail’s tracking interface. It displays:

  • A fake tracking number
  • A claim that there is an issue with the shipping address
  • Instructions to arrange redelivery

Step 2 – Card Payment Page (Second Screenshot)
The victim is taken to a page that asks for:

  • Full name
  • Card number
  • Expiration date
  • Security code (CVV)

A small redelivery fee (£3.00) is shown to make the payment seem insignificant.

The goal:
The attacker collects complete card details to make fraudulent purchases, clone the card, or sell the information.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not royalmail.com. Legitimate Royal Mail tracking and redelivery are only on official domains.
  • Fake tracking number: The tracking number format may look plausible, but it cannot be verified on the real Royal Mail site.
  • Request for CVV: Royal Mail does not ask for your card security code for redelivery fees. These fees are typically paid through a secure, integrated payment gateway after you log in or confirm your address.
  • Small fee trick: £3.00 is a trivial amount meant to lower suspicion.
  • Copied content: The second page includes real Royal Mail footer links and navigation menus, which are copied from the genuine site to appear authentic.

What to do if you encounter this:

  • Do not enter any card details.
  • If you are expecting a delivery, track it directly by typing royalmail.com into your browser and using your real tracking number.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Royal Mail (e.g., via their official fraud reporting page).

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate redelivery fees are paid through the official site after verifying your tracking number.
  • Check the URL carefully: Legitimate Royal Mail domains end with royalmail.com. Look for misspellings, extra words, or unusual top‑level domains.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.
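The URL check from the red flags and protective measures above, as an added example that is not part of the original post: it shows why "ends with royalmail.com" must be tested on a dot boundary against the real hostname. The function names, the character-folding list and all sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "royalmail.com"  # the official domain named on this page
# Fold common look-alike characters together (assumed, non-exhaustive list;
# Unicode homoglyphs and punycode labels are out of scope here).
FOLD = str.maketrans("01i", "oll")
BRAND_FOLDED = "royalmail".translate(FOLD)


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a delivery link."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the netloc
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    # "Ends with royalmail.com" is only safe on a dot boundary.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Check the whole authority so a brand placed before "@" is caught too.
    folded = parts.netloc.lower().replace("-", "").replace(".", "")
    return "lookalike" if BRAND_FOLDED in folded.translate(FOLD) else "unrelated"


def triage(urls):
    """Map each link to its verdict, e.g. for a batch of reported messages."""
    return {u: classify(u) for u in urls}


# Constructed sample links; none come from the campaign on this page.
SAMPLES = [
    "https://www.royalmail.com./track-your-item",        # official, trailing dot
    "https://example-royalmail.com/redelivery",          # extra word, no dot boundary
    "https://royalmail.com.redelivery-fee.example/pay",  # brand as a subdomain
    "https://roya1-ma1l.parcel.example/",                # digit swaps and hyphen
    "https://royalmail.com@parcel-fix.example/pay",      # brand in userinfo
    "https://www.example.org/",                          # no brand at all
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {url}")
```

Only the first sample is classified as official; the next four are flagged as lookalikes even though each contains the brand name.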
