How to make sure you don't fall for the latest parcel-fee scam

A

 text arrives claiming to be from DHL or Hermes: “Your package has a £1.45 shipping fee”. It invites you to click on a link to pay, warning that the package “will be returned to the sender if unpaid”. If you click through you are invited to enter your bank details into a fake website. Your data can then be sold on to other criminals, or used as a basis for more elaborate scams, such as fake phone calls from “the bank”.  

It’s not just texts, reports Grace Gausden on This is Money. Another variant of the scam takes the form of an email purporting to be from the Post Office. Again, the victim is asked to click on a link to pay a fee to “release items” for delivery. It can be hard to separate the real from the fake. Genuine courier firms such as UPS really have been charging surprise shipping fees of late. Royal Mail says that “we would not request payment by email or text”. In cases “where a customs fee is due… we would… leave a grey card telling customers that there’s a fee to pay before we can release the item”.  

These text scams represent a kind of “twisted genius”, Martin Lewis of moneysavingexpert.com told The Observer. Due to the pandemic most of us have been waiting for parcel deliveries. Post-Brexit customs changes make demands for extra fees on deliveries from abroad seem plausible. The receiver will “swear a bit and just pay”, not realising that their bank details are now in the hands of crooks.  

Full card details trade for “about £30” on encrypted chat services such as Telegram, while “partial information” goes for a fiver, says Ali Hussain in The Sunday Times. Text scammers face few obstacles. It’s possible to set up a fake website with a plausible name (eg, royalmail-payshippingonline.com) for just £6.39 a year. Banks are reporting “100 bogus” sites a week. The number of such “impersonation scams” almost doubled last year, with losses hitting £150.3m.  

The Money Advice Service says such “smishing” (scam messaging) can be difficult to spot. “Don’t click any links in text messages.” Instead, go “directly” to the legitimate website “and log in as normal”.  

The National Cyber Security Centre advises the public to forward suspicious emails to report@phishing.gov.uk. Spam texts should be forwarded to your mobile-phone operator at 7726, a free service that collates and blocks such numbers, says which.co.uk. “Never respond to spam texts” because that lets scammers know that “your number is live”. Just delete them.  

Beware Google advertisements 

Watch out too for “rip-off” advertisements on Google, warns Mike Wright in The Daily Telegraph. Google promised in 2018 that it would remove sites offering help with tasks such as securing visas for the US at exorbitant prices. Yet such sites are still being “promoted over legitimate government services” in search results. They aren’t usually scams; they really will help with, say, changing the address on your driving licence. But why pay £70 when the DVLA lets you do it for free? 

An Esta travel permit to visit America costs $14, but Google has “repeatedly allowed advertisements for websites charging more than $80”, says Chris Fox on the BBC. Google advertisements are difficult to distinguish from “organic results”: they appear at the top of search results and are marked with the word “Ad” on the left in small, bold text. Google says it’s working on a “machine learning” solution to the problem, but it has turned into a game of “cat and mouse”, says Sandra Wachter of the Oxford Internet Institute.