How to avoid phishing scams

We're committed to protecting the privacy and security of our customers and website visitors. Staying safe online can be tricky, which is why we've created this handy guide to help you.

What are phishing, smishing and vishing?

Phishing is where cybercriminals ‘fish’ for personal data by sending you emails (or social media messages) that look like they’re from us (or another legitimate sender or business). They often ask you to click a link, download or open files or software, or confirm personal information.

Similarly smishing (or SMS-phishing) is a text message with a link that looks legitimate, often pretending it’s there to help you - such as to arrange a re-delivery, confirm delivery address or check a problem with your account.

It can even be a direct phone call pretending to be someone they’re not – this is vishing or voice-phishing.

The aim of all of these is to get you to reveal private information like your usernames, passwords and other secure information, such as your parcel details, address, bank or financial details. This information can then be used to steal from you or be used against you.

These tactics can be very convincing and can even use genuine-looking branding and messaging. They often urge you to act fast as they don’t want you to have time to think about whether you should be doing what they’ve asked. 

When you give fraudsters your details, they can use this to access more of your information. If you download any attachments, these can be used to infect your computer putting your files and data at risk.

Spot the signs

These attacks will often be unusual in some way or be unexpected (for example referring to a parcel delivery you weren’t expecting). Always check with your usual contact for that service that the email, text or call is genuine before giving them any information. And don’t use any contact details contained within the suspicious email, text or call. Phishing emails may include the below:

Fake “missed parcel” messages

The National Cyber Security Centre has issued specific guidance on how to spot and what to do if you have clicked on a fake “missed parcel” message.

How will Evri contact you?

We may contact customers by email or text and ask for information in relation to an ongoing claim.

Generally, we will contact you by email or SMS to advise where your parcel is in our delivery process., At times, this may include a tracking link.

Our emails will typically be from @evri.com, @hermes-europe.co.uk or @myhermes.co.uk.

Our SMS messages:

  • Will not show the sender name as a mobile phone number
  • Will never ask you for payment
  • Will never include a link except for a tracking link called https://evri.link/...... (Please be aware even if the link does show as https:/evri.link/…… we cannot guarantee this is genuine. If you are unsure do not click a link and do not enter any personal details – see the Fake “missed parcel” messages section above.)

What is invoice fraud?

Invoice fraud (also known as mandate fraud or payment diversion fraud) is when someone gets you to change financial details (like a Direct Debit, standing order or bank transfer mandate) in order to defraud you or your organisation and pay monies to someone else. It can happen at home as well as in business. 

An invoice fraud attack can be done over the phone, by email or in writing. However genuine it sounds or looks, if you work for an organisation, ensure you follow the standard procedures for changing bank details before taking any action. If it’s at home, use your own information to contact and verify details with the genuine third party – particularly for online payments. 

How to report it and get support

If you’ve received a suspicious phone call, text message, interaction via social media or email, you should report it. Even if you spotted it and didn’t given them any information, it could help protect someone else.

  1. Does it mention Evri? Please be aware we cannot prevent you receiving fraudulent messages but we can help to deal with them when reported.

    a) If the phishing email mentions Evri, please report it to us at phishing@evri.com. Whilst we will not reply to you directly, we will work with our partners to investigate and takedown any associated fraudulent websites.
    b) Similarly if a smishing text message mentions Evri, please take a screenshot/photo and send it to us at phishing@evri.com.
    c) If your query is about data privacy and our use of your data, you can submit this here.
    d) If your query is about a parcel you have sent or are due to receive/have received from Evri, please refer to the FAQs.
  2. Other phishing emails can be forwarded to the UK’s Suspicious Email Reporting Service (SERS) report@phishing.gov.uk
  3. Smishing text messages can be reported by forwarding the text to 7726 (it’s free)
  4. For malicious calls, and if you’ve been the victim of any fraud report it to ActionFraud on https://www.actionfraud.police.uk/
  5. If you have provided your bank details, we recommend that you contact your bank straightaway and advise them you were a potential victim of fraud
  6. If you've experienced cybercrime, you can also contact the charity Victim Support for free, who are available for confidential support and information on https://www.victimsupport.org.uk/

To help protect yourself online, use your usual search engine to visit NCSC and Getsafeonline

How we protect our customers’ data

Customer data is important to us at Evri, that’s why we wanted to reassure you that we take your data security seriously.

Here are some of our activities you can depend on:

  • As we become aware of fake Evri websites or social media profiles we work with our partners to get them taken down.
  • We conduct ongoing security testing against our systems that process customer data, in order to confirm your information remains secure.
  • We also secure customers’ own Evri accounts by monitoring and blocking suspicious logon attempts.
  • Internally we ensure only those Evri colleagues who need access to your data have it and we provide guidance and training to them to ensure they know how to handle it appropriately and in line with GDPR requirements. We understand and have defined legal bases for all of our processing activity.

If you have questions about your own personal data held or processed by Evri, you can find contact information here.