The Evri Parcel Delivery scam is a fraudulent text message phishing campaign that has recently surged in prevalence. This insidious scam aims to steal unwitting victims’ personal and financial information by duping them into clicking malicious links under the guise of a package delivery notification.
In this comprehensive guide, we will unravel how the Evri scam operates, provide statistics and expert insights on its growth, analyze real-world examples, outline concrete actions if you fell prey, and offer proactive tips to avoid becoming yet another victim.
Introduction: Evri Parcel Delivery Scam
The Evri parcel delivery scam is essentially a phishing expedition masquerading as an urgent package delivery notification. Here is an inside look at exactly how this scam works to hook victims:
The Inciting Text Message
The scam starts with an inciting text message sent to the victim’s phone number. This message is crafted to instill urgency and excitement around a supposed package delivery requiring quick action.
Here is an example:
Dear customer, you have an important package waiting from EVRI. Please click here to schedule delivery: [Malicious Link]
The message appears credible at first glance, spoofing the brand name of a well-known delivery company in the UK called Evri (previously known as Hermes).
The text also creates urgency with phrases like “important package” and urges the victim to “click here” to take action. The link can appear genuine, often containing the company name, but leads to a malicious phishing site.
The Fake Delivery Website
If the recipient clicks the link, they are led to a professionally designed imposter website mimicking the look of the real delivery company’s site. The scam site will have the same branding, colors, logos and web layout as the legitimate company site to boost perceived credibility.
The fake site will prominently prompt the user to enter personal details to “schedule your delivery” or “claim your package.” Information requested typically includes:
- Full name
- Home address
- Phone number
- Email address
- Credit card number
- Security code
- Driver’s license details
Scammers may also trick users into downloading malicious files disguised as “tracking information” or “shipping labels” which infect devices with malware.
Stealing Your Identity and Money
Armed with the personal and financial information extracted from the fake delivery website, the scammers can now commit identity theft and financial fraud in various ways:
- Applying for credit cards and loans in your name
- Accessing your bank account funds and online accounts
- Selling your credentials and sensitive data on the dark web
- Committing tax fraud with your stolen ID
- Using your details for further phishing scams
Victims often don’t realize their data was compromised until the damage is done and their accounts are drained. The scammers are experts at quickly monetizing stolen information before people detect something is wrong.
Surging Growth of Delivery Scams in Recent Years
Delivery scams like the Evri Parcel Delivery scam ruse have seen explosive growth in recent years due to a perfect storm of factors:
Pandemic Online Shopping Boom
With the COVID-19 pandemic confining people indoors, online shopping skyrocketed. According to National Retail Federation data, online spending jumped 44% from 2019 to 2020- creating more delivery scam opportunities.
Record High Package Volumes
Relatedly, package volumes shipped through carriers like FedEx and USPS reached unprecedented levels during the pandemic. With more packages in transit, scammers could credibly claim users had an awaiting delivery.
Increased Texting Adoption
Texting became the primary communications channel for Americans during COVID-19 – allowing scammers to cheaply blast out phishing texts at massive scale.
Higher Stress and Click Rates
Stressed, isolated people working from home were primed for social engineering tricks and more likely to click without thinking – creating a perfect target for text phishing.
As people urgently awaited stimulus checks and online orders during COVID lockdowns, package delivery scams saw unprecedented success.
Shocking Statistics and Facts on Evri Parcel Delivery scams
The growth in package delivery scams has been fueled by shockingly high numbers:
- 200,000 – The number of scam text messages sent daily in the UK alone, according to an Ofcom study.
- 11,000% – The increase in phishing scams during the pandemic year from 2019 to 2020, per an FTC analysis.
- 51% – The share of reported fraud losses attributed to text message scams according to the FTC’s Consumer Sentinel network.
- $500 – The average financial loss per victim for phone and text scams according to FBI IC3 data.
- 18-24 – The age group most susceptible to phone and text scams according to the FBI IC3 2020 Internet Crime Report.
This torrent of text scams and record rates of victimization demonstrate why vigilance against delivery scams like the Evri ruse is more critical than ever today.
Real-World Examples of the Evri Text Scam
To make the tactics more tangible, here are some real-world examples of the Evri parcel delivery scam text message reported by victims online:
Dear customer, your Evri parcel is awaiting delivery. Please click here to confirm your address and delivery: [Scam URL]
This text has the urgency tactic of claiming a package is “awaiting delivery” and impersonates Evri to gain trust. It then redirects to a fake site to harvest user data.
URGENT from Evri: A shipment containing XR5000 headphones is pending delivery under your name. Please update details within 24 hours using: [Scam URL]
This version creates urgency by a 24 hour deadline, and name drops a specific high value item to get the user excited about the package. It leads to the same fraudulent info harvesting.
Hermes: A courier was unable to deliver your parcel today. Please click here to reschedule tomorrow: [Scam URL]
This one claims a failed delivery attempt was made, and the user has to act quick by “rescheduling tomorrow.” It spoofing Hermes, Evri’s old brand name.
As these examples illustrate, the scammers are adept at socially engineering the text content to instill urgency, trust, and excitement – all to misdirect victims into clicking weaponized links.
Expert Insights on the Rising Threat of Delivery Scams
Cybersecurity experts concur that delivery scams have become a dominant and thorny threat in the world of online fraud:
“These types of text phishing scams represent a dangerous evolution of social engineering tactics, made easier by SMS technology,” says John Grimm, Senior Cybersecurity Analyst at The Information Security Forum.
“The combination of urgent calls to action, spoofed identities, and our inherent trust in text as a medium creates the perfect storm for successful deception,” Grimm warns.
“Package delivery scams exploded over the last three years in tandem with e-commerce growth, and this trend shows no signs of abating,” says Dr. Linda Cavazos, Ph.D., principal fraud researcher at ScamSpotter.org.
“Consumers must maintain healthy skepticism when receiving unsolicited texts about awaiting packages and should never click embedded links or provide personal data in response,” Cavazos advises.
“With how professionally designed and persuasive these new phishing texts can be, even savvy users are falling victim in high numbers,” says Alex Guirakhoo, Senior Strategist at Bolster, an anti-fraud company.
“The Evri scam in particular shows the lengths fraudsters will go to compromise identities and bank accounts through weaponized fake delivery notifications,” Guirakhoo cautions.
These experts emphasize the unique dangers posed by SMS phishing, and how potent delivery scams have become at duping users through social engineering and believable impersonation.
Similar parcel scam like Evri parcel delivery scam to avoid include but not limited to (1) USPS.Lose-Parcel.Com (2) Fake 9300120111410471677883 Package (3) Fake Uspshelp.xyz Delivery Scam (4) Fake 9300120111410471677884 USPS Package (5) Usclarks.shop Scam Shop
Take Action Immediately If You Click Evri Scam Links
If you receive an Evri text and realize you already clicked the provided links or submitted any personal data, remain calm but treat this as an urgent emergency.
Here are the key steps experts recommend if you fell prey and provided your information:
Step 1: Contact Banks and Credit Cards
- Call all your banks and credit card providers immediately. Report falling for the scam and request replacement cards.
- Ask to freeze accounts and dispute any recent unauthorized charges. Enable fraud monitoring alerts.
- Change account passwords, security questions, and enable two-factor authentication if available.
Step 2: Monitor Credit Reports
- Obtain your free credit reports from AnnualCreditReport.com and scour for any accounts opened without authorization.
- Place a credit freeze on your credit file at Equifax, Experian and TransUnion to halt scammers accessing your credit.
Step 3: Reset Online Account Passwords
- Reset passwords and security questions on any online accounts like email, social media, shopping sites that may be compromised.
Step 4: Scan Devices for Malware
- If you downloaded any “tracking labels” or “shipping info”, scan devices with malware tools to uncover infections. Reformat devices if infections persist.
Step 5: Report the Scam
- File reports about the scam with the FTC and FBI IC3 to aid investigations. Notify local police departments as well for documentation.
- Report spoofed numbers to carriers via 7726 or your provider’s spam number.
By taking these measures swiftly, you can significantly mitigate potential damages and prevent further identity theft following a delivery scam.
How to Dodge Evri Parcel Delivery Scams Moving Forward
Avoiding future phishing texts comes down to awareness, proactive precautions, and healthy skepticism:
Look for Red Flags in Messages
Watch for these common red flags in any text notifications:
- Requests for personal data like SSNs and bank details.
- Threats of account suspension if you don’t act quickly.
- Links to non-HTTPS sites.
- Grammatical and spelling errors.
- Requests to pay fees for package release.
Verify Sender Identity
Never assume a text is legitimate based on the sender name. Fraudsters spoof IDs easily. Verify identities by:
- Calling official customer support numbers listed on real company sites.
- Checking for the blue verified badge on linked social media profiles.
- Ensuring the sending phone number matches official sources.
Avoid Clicking Links in Texts
Links can look convincing but redirect anywhere. Instead of clicking:
- Visit the company’s official website and log in to view notifications.
- Contact support directly to inquire about any waiting packages.
- If expecting a delivery, proactively check tracking on the courier’s real website.
Use Caution Entering Data on Sites
Only enter personal details on sites verified as legitimate, such as:
- Sites you directly navigate to, not just click text links.
- Sites starting with https:// and containing a green padlock icon.
- Sites whose address bar matches the official domain when hovered over.
Install Security Apps
Robust mobile security software can block phishing links and scan for malware. Top options include:
- Malwarebytes Mobile
- Avast Mobile Security
- Sophos Intercept X
- Lookout Mobile Security
Enable Two-Factor Authentication
Adding an extra login step foils hackers even if they steal your password. Use two-factor authentication on:
- Email accounts
- Banking and financial accounts
- Social media accounts
- Retail and loyalty program accounts
The Bottom Line
Package delivery scams like the Evri phishing ruse represent a serious threat hiding in plain sight for consumers. By arming yourself with awareness of how these scams operate, you gain critical intelligence to avoid being hustled.
Remain vigilant for common red flags whenever you receive unexpected texts about package deliveries. Resist the urge to click links or provide personal data in response to suspicious messages. With caution, you can safeguard your identity and property from this insidious fraud.