Phishing is when criminals use scam emails, text messages (SMS-phishing or smishing) or phone calls (voice phishing or vishing) to trick their victims. The aim is often to make you visit a website, which may download a virus onto your device or steal bank details or other personal information. They will often pretend to be someone, or an organisation, you trust.
These tactics can be very convincing and can even use genuine-looking branding and messaging. They often urge you to act fast as they don’t want you to have time to think about whether you should be doing what they’ve asked.
These attacks will often be unusual in some way or be unexpected (for example referring to a parcel delivery you weren’t expecting). If you have any doubts about a message, or if you suspect someone is not who they claim to be, don’t respond; instead contact the organisation directly. Don’t use the numbers or address in the message – use the details from their official website. Scam messages may include the following:
Look out for poorly written sentences with spelling and grammatical errors
They may use 'Dear Customer' or ‘Dear [your email address]’ instead of using the name you use on your account (though criminals are getting better at personalising messages)
They may include links or buttons in emails that urge you to click on them. Before you click on any links, hover over the button or URL to check it goes where it's supposed to. If it brings up an unrecognised address, it could be a scam
The email address will often be different from the usual email address you receive from that company, even just using a slight misspelling or different formatting.
The National Cyber Security Centre has issued specific guidance on how to spot and what to do if you have clicked on a fake “missed parcel” message.
Generally, we will contact you by email or text message to advise where your parcel is in our delivery process. At times, this may include a tracking link. We may also contact customers by email or text message and ask for information in relation to an ongoing claim.
Our emails will typically be from @evri.com, @hermes-europe.co.uk or @myhermes.co.uk.
Our SMS messages:
Invoice fraud (also known as mandate fraud or payment diversion fraud) is when someone gets you to change financial details (like a Direct Debit, standing order or bank transfer mandate) in order to defraud you or your organisation and pay monies to someone else. It can happen at home as well as in business.
An invoice fraud attack can be done over the phone, by email or in writing. However genuine it sounds or looks, if you work for an organisation, ensure you follow the standard procedures for changing bank details before taking any action. If it’s at home, use your own information to contact and verify details with the genuine third party – particularly for online payments.
If you’ve received a suspicious phone call, text message, interaction via social media or email, you should report it. Even if you spotted it and didn’t give them any information, it could reduce the amount of scam communications you receive and help protect others from cyber crime online.
To help protect yourself online, use your usual search engine to visit NCSC and Getsafeonline
Customer data is important to us at Evri, that’s why we wanted to reassure you that we take your data security seriously.
Here are some of our activities you can depend on:
If you have questions about your own personal data held or processed by Evri, you can find contact information here.