Royal Mail-related phishing scams surge by 645%

Email sign with a fish hook on blue digital background
(Image credit: Shutterstock)

Researchers are warning of a 645% increase in Royal Mail-related phishing scams with March being the biggest month for attacks on record.

Check Point Software found that the recent surge involves hackers impersonating the Royal Mail by sending fraudulent texts and emails which link to phishing websites that are designed to look official. These websites request the recipient’s personal details which are then used to attempt to commit financial fraud.

Check Point discovered that March was the biggest month for attacks, with the average weekly number of Royal Mail-related cyber attacks reaching 150 - a 645% increase on the previous two months which only saw an average of 20.

Example of Royal Mail Phishing material

(Image credit: Check Point Software)

The researchers also found Royal Mail related threats in one out of every 35 organisations’ networks in the UK.

Furthermore, there were over 138 malicious Royal Mail-related websites that used convincing forms to encourage users to submit their personal information.

“During a time when many people are reliant on online deliveries and postal services, these Royal Mail scams are the latest in a string of shipping-related phishing emails where hackers have also impersonated Amazon, DHL and FedEx. It’s a particularly clever way that cybercriminals are trying to steal personal information, and the examples here are only a few of the scams pretending to be legitimate communication from Royal Mail,” said Tom Kendrick, EMEA security evangelist at Check Point Software.

Example of Royal Mail Phishing material

(Image credit: Check Point Software)

“We recommend everyone stays vigilant and watches out for small discrepancies, such as misspellings, in links and email addresses that they receive in messages which appear to come from delivery services. And remember - if an additional fee is due on an item, Royal Mail will leave a card with the intended recipient to confirm this and not send a text or email.”

Last November, it emerged that the BBC was hit with over 250,000 phishing emails every day. There was around an average of 6,704,188 per month and the corporation also blocked an average of 18,662 malware attacks a month.

Cyber crime has risen sharply during the pandemic and cyber security firm F5 Labs found phishing attempts had increased by 220% in the latter months of 2020. The firm also predicted that the number of attacks would grow by 15% year-on-year.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.