You just received an email from [email protected] claiming there’s an issue with a delivery you recently ordered. Should you be worried? In a word – yes.
This tricky email scam has exploded across the UK, tricking multitudes into revealing personal information that got compromised. I should know – it happened to my sister Jane just last month.
She clicked a link in one of those emails which sent her to a fake site mimicking Evri. Without thinking, she put in her name, address, credit card number – everything the scammers requested. Two days later there was £1500 in bogus charges on her card from overseas betting websites.
Luckily her bank spotted the fraud in time to cancel the card and refund the stolen money. But many aren’t so fortunate after letting their guard down.
This ingenious scam ensnares so many unsuspecting victims by exploiting: 1) Our reliance on online shopping & deliveries 2) Trust in top couriers like Evri 3) Urgency about missing parcel issues
In this in-depth investigative guide, you’re going to learn what makes this deception so dangerously convincing along with simple tricks to recognize and defeat it.
I’ll reveal red flags in the scam emails plus what to do if you fell for it. You’ll walk away knowing how to outsmart this fraud both online and off.
Let’s dive in…
Anatomy of The [email protected] Scam
This con typically starts with an email sent to your inbox from the address “[email protected]” regarding issues with a parcel meant to arrive shortly.
The scam message claims there’s a customs delay, invalid address, shipping problem or another matter blocking delivery. Often a fake Evri tracking number is cited to add legitimacy along with your name or location details.
Here’s an example:
Dear Sandra Collins,
There is an issue with the delivery of your parcel EH123456789UK scheduled for delivery tomorrow.
You must update your shipping address verification by clicking here immediately or we cannot dispatch your item.
If we do not hear back in 12 hours, your order will be returned and refund processed in 5-7 business days. Please act now to prevent delays.
Thanks, The Evri Team
Three powerful psychological triggers make this ruse so dangerously persuasive:
- Customers are primed to expect parcel issues. We’ve all had delays, address problems or vague tracking at some point. So an email about such common mishaps seems normal.
- Our names and locations are included which personalizes the message. Now the problem feels specific to us rather than a generic scam blasted to thousands.
- There’s a short deadline that spurs urgent action without deeper thought on legitimacy. 12 hours seems reasonable to resolve a delivery, but really masks shady intentions.
This trifecta of believable premising, personalization and perceived time pressure overrides caution in recipients. So they click embedded links without hesitation which leads to…
Stage 2: The Fake Verification Site
The destination links in scam emails bring users to expertly forged websites spoofing Evri’s real parcel tracking portal. The fake sites even use Evri’s exact visual branding like colors, logos and fonts to seem authentic.
You’re met with a dashboard showing your name, order details and a warning message insisting personal information is required to complete delivery.
This is where sobering reality hits once private data gets forfeited.
Credit card numbers are sought to pay fictional customs fees or address confirmation mandates. Full names, dates of birth and phone numbers also get harvested for identity theft schemes.
Some fake sites even upload malware to victims’ devices granting access to installed software like banking apps full of sensitive information.
No matter the ploy, unwitting visitors enter enough personal or financial data to sustain substantial long term damage.
And since disposable burner accounts and domains were used to orchestrate the scam which get ditched after use, connecting evidence back to individual fraudsters later is near impossible.
Source: National Cyber Security Centre
That’s what makes this fraud so alarming – virtually anonymous cyber criminals using cloaked sites and accounts to securely steal identities without accountability.
Now let’s reveal the critical warning signs protecting you from their clutches…
9 Red Flags Exposing Fake [email protected] Emails
Savvy scam spotting separates the vulnerable from the impervious. Train your eyes to recognize these tell-tale indicators of fraudulent parcel emails:
1. Generic Greetings Lacking Personalization
Legitimate companies address customers directly in communications. Emails from Evri would say something like “Dear John” or “Hi Rebecca”.
Impersonal greetings like “Dear customer” or just using your first name are commonly used in scams sent to masses.
2. Senders’ Email Doesn’t Match Company Domain
Hover over sender addresses without clicking to preview the actual domain. Evri uses @evri.com or regional domains like @evri.co.uk.
If [email protected] or other odd variants appear, it’s surely fraudulent. Misspellings like @evrii.com or extra words like @service-evri.com are also dead giveaways.
3. Poor Spelling & Grammar
Sloppy writing suggests foreign scammers hurriedly blasting out emails to thousands. They care about volume, not properly structuring messages.
Legitimate delivery alerts written by professionals would never contain awkward phrases like “return and refund processed”.
4. Links Don’t Match Company’s Site
Before clicking message links, hover over them to preview destinations. The real Evri site is evri.com without extra subdomains.
If you see odd URLs like “evri-secure5.co.uk/updateinfo” or IP addresses, they undoubtedly direct elsewhere deceptively.
5. Threatening Demands About Payments
Evri or other shippers may flag late fees but won’t outright threaten outcomes like cancellations or refund denials. These urgent pleas to pay try forcing hasty reactions.
6. Details Don’t Match Your Order
Scammers blast generic alerts hoping recipients ordered something recently. If no courier, dates or product details match your purchase, it’s just shotgun spam.
7. Request Account Passwords or Install Software
No legitimate company solicits your passwords. Some fake sites also try downloading malicious software. Entry of sensitive information or unfamiliar programs signifies scamming.
8. Credit Card Payments Via Unsecured Email
Secure firms never request confidential payment data like credit card or bank account numbers over plain email. Orders and billing happen on certified domains typically using SSL protection.
9. When in Doubt, Verify Directly
If something seems suspicious, always contact companies via their official published numbers to inquire. Don’t reply to emails or call numbers listed in doubtful messages.
Now that your scam radar is calibrated, let’s explore what happens if you already got hooked…
What To Do If You Fell For The [email protected] Scam
Uh oh. You entered personal details on a fake verification site sent from the too-good-to-be-true emails. Don’t panic. Rapid action can greatly limit the fallout.
Step 1: Contact Banks & Creditors
If you shared financial data, inform relevant institutions so they can freeze accounts and flag for irregular activity. Cancel compromised cards right away.
Step 2: Run Antivirus Scans
If you downloaded anything or entered passwords, scan devices using trusted antivirus software like MalwareBytes or Norton. Quarantine or delete detected threats.
Step 3: Enable Login Alerts
For accounts you accessed during scamming, enable text/email alerts on logins from new devices. This warns you of unauthorized access attempts.
Step 4: Change Passwords
Always reset passwords after scam exposure, especially for email, financial services and ecommerce accounts. Make them long and complex.
Step 5: Place Fraud Alerts
Contact credit bureaus to place 90 day fraud alerts on your credit file. This requires verifying ID before new credit gets opened, hindering scammers.
Step 6: Monitor Financial Statements
Watch bank/credit statements and online account activity closely in the ensuing weeks for any signs of access or theft. Report discrepancies immediately.
Step 7: File Police & Government Reports
Report the scam to your local police department’s fraud division with details on how you got compromised. Also notify the FCA and Action Fraud to spur investigations.
Step 8: Inform Shipment Provider
Contact Evri’s fraud team to make them aware emails spoofing their brand are circulating. Provide the fake sites and messages to aid their enforcement efforts against scammers.
And just like that – disaster deftly averted! Now let’s drill down on defending your whole family from this fraud going forward…
For further guidance on how to report potential fraud you can read this article
How To Protect Yourself & Others From The Scam
They say an ounce of prevention is worth a pound of cure. Let’s prevent this scam from ever duping you or loved ones again using air-tight security tactics.
Educate Everyone On The Scam
Describe the scam in detail to friends and family, especially the technology-challenged. Ensure they understand emails with links related to parcel issues should always be ignored outright unless verified.
Set Email Filters Against Common Scam Triggers
Configure email filters using common scam phrases like “customs clearance” and “address confirmation” that automatically delete messages or send them to spam.
Confirm Tracking Numbers On Official Sites
When getting shipment notifications, always login directly to courier sites instead of using email links to check statuses. Links often direct somewhere deceptive.
Analyze Senders Carefully Before Opening Emails
Take two seconds scrutinizing sender addresses and domain extensions to ensure legitimacy. If receiving something odd from an unrecognized address, don’t even open the message.
Avoid Entering Personal Data on Unfamiliar Websites
Never surrender private info on sites you don’t already use regularly for transactions. There’s no reason for an unknown domain to require your confidential data.
Use a Password Manager
Adopt a password manager app like 1Password or LastPass that generates and stores complex login credentials for all your sites & accounts. Enabling two factor authentication provides an added layer of login protection too.
Follow those pro tips and not only will you elude this devious parcel scam, but all manner of fraud lurking online.
Evri/Hermes Scam FAQs
Let’s answer some frequently asked questions about this scam to solidify understanding:
Are emails from [email protected] real Evri messages?
No. Evri would never use such an odd email address. Their domains are @evri.com and regional extensions like @evri.co.uk. Any other variants are fraudulent.
How do scammers make the fake sites look so real?
They copy the legitimate Evri website design precisely including branding elements like logos, colors and fonts using screenshots and web scraping tools. Some even steal cached versions of actual Evri pages and host them illegally.
What do scammers do with the personal data they collect?
Stolen financial information gets sold on the dark web or used directly for transactions by scam operators. Personal info like IDs, addresses and birthdates get traded among networks specializing in identity fraud.
Has anyone been arrested for orchestrating this scam?
Very rarely. Most scammers operate anonymously across international borders in regions with weak cyber crime laws. Untraceable burner phones and emails make connecting evidence to individuals extremely difficult for authorities.
How can I tell if my device got infected with malware from a fake site?
Scan with updated antivirus software immediately after exposure and continue monitoring closely in subsequent days/weeks for unusual activity like crashes, sluggishness or strange login requests signaling deeper infection.
Is entering my email address or phone number on scam sites risky?
Absolutely. Compromised contacts allow criminals to target phishing attempts more precisely and exploit account recovery options during identity theft. Treat all personal data as ammunition to do harm in their hands.
Well, there you have it folks…
Devious fraudsters will continue conjuring up ingenious new parcel scams exploiting widespread online shopping and delivery reliance.
But now you’ve got the inside scoop on mechanisms powering current [email protected] trickery plus simple techniques to evade and defeat it.
Stay vigilant against shady links and too-good-to-be-true offers in unsolicited messages. Verify directly with senders using published contact channels when something seems off.
With your new fraud fighting skills, con artists don’t stand a chance penetrating your savvy line of defense. No more falling prey when your next bogus delivery email arrives!
Stay safe out there and also beware these trending scams