How to spot and report potential fraud

Our commitment

We're committed to protecting the privacy and security of our customers and website visitors. Staying safe online can be tricky, which is why we've created this handy guide to help you.

What is phishing?

Phishing is when criminals use scam emails, text messages, social media sites, messaging apps (e.g. WhatsApp) or phone calls to trick victims. The aim is often to make consumers visit a website, which download a virus onto your device or steal bank details or other personal information. They will often pretend to be someone, or an organisation, you trust. These tactics can be very convincing and often use genuine-looking branding and messaging. 

How to spot scam messages or calls

Phishing is when criminals use scam emails, text messages, social media sites, messaging apps (e.g. WhatsApp) or phone calls to trick victims. The aim is often to make consumers visit a website, which download a virus onto your device or steal bank details or other personal information. They will often pretend to be someone, or an organisation, you trust. These tactics can be very convincing and often use genuine-looking branding and messaging. Scam messages may include the following:

default

Poor language

Look out for poorly written sentences with spelling and grammatical errors

default

Lack of a personal greeting

They may use 'Dear Customer' or ‘Dear [your email address]’ instead of using the name you use on your account (though criminals are getting better at personalising messages)

default

Link or button

They may include links or buttons in emails that urge you to click on them. Before you click on any links, hover over the button or URL to check it goes where it's supposed to. If it brings up an unrecognised address, it could be a scam

Phone icon

An unusual or vague email address

The email address will often be different from the usual email address you receive from that company, even just using a slight misspelling or different formatting.

Fake “missed parcel” messages

The National Cyber Security Centre has issued specific guidance on how to spot and what to do if you have clicked on a fake “missed parcel” message.

Examples of a scam message

Example 1: Email

  • Branding - The logo is not up to date and the brand colours have been incorrectly used
  • Poor language - 'Delivery Informed', 'is missed delivery', and 'wanting to tracking the shipment' are all examples of poorly written sentences
  • Lack of personal greeting - There is no name or personal information to identify the recipient of this message
  • Links or buttons - This message encourages the recipient to click a link to enter personal information. If you need to change your personal details, simply visit to our website evri.com and log into your account to update these under My account.
  • Unusual email address - The email address includes a random series of numbers and from '@datapacket.ca' which doesn't match our standard email address formats

Example 2: Text

  • Poor language - 'can not’ is uncommonly used in standard grammar
  • Lack of personal greeting - There is no name or personal information to identify the recipient of this message
  • Links or buttons - Our SMS text messages will only send a tracking link. This message encourages the recipient to change their address information.
  • Unusual email address - The contact name is unclear with a series of letters and from '@constitutetc.click' which doesn't match our standard email address formats

Example 3: Email

  • Branding - The logo is not up to date and the strapline is incorrect
  • Lack of personal greeting - There is no name or personal information to identify the recipient of this message
  • Tracking number - The short reference number doesn't match our standard tracking number version. Evri tracking numbers are 16 digits long and contain a combination of numbers and letters. If your Courier has already attempted to deliver your parcel, you should’ve received a calling card with an 8-digit number printed on it, and you can use this to track your parcel instead. You can use our tracking page to check your number is valid
  • Links or buttons - This message encourages the recipient to click a link to reschedule their delivery and asks for a payment. We will never charge UK recipients for a redelivery. If our Courier is unable to deliver in person, they will leave the parcel in your safe place or redeliver on the next working day. We'll make up to three delivery attempts on consecutive working days for free before returning the parcel to the sender.

How will Evri contact you?

We will contact you by email or text message to advise your parcel is in our network. At times this will include a tracking link the takes you directly to our website Evri.com On occasion we may also contact customers via email or text in relation to an ongoing claim. Our emails will typically be from @evri.com, @hermes-europe.co.uk or @myhermes.co.uk.

Click here for the full list of email domains that we use

Our text messages:

  • Will NEVER ask you to reschedule a delivery or ask for payment to do so. We attempt all deliveries 3 times.
  • Will NEVER prompt you to install any apps.
  • Will only ever send a tracking link (no other links), this will be to our tracking page at Evri.com. If you are unsure, do not click the link. You can track your Evri parcels directly here.

What is invoice fraud?

Invoice fraud (also known as mandate fraud or payment diversion fraud) is when someone gets you to change financial details (like a Direct Debit, standing order or bank transfer mandate) in order to defraud you or your organisation and pay monies to someone else. It can happen at home as well as in business. 

An invoice fraud attack can be done over the phone, by email or in writing. However genuine it sounds or looks, if you work for an organisation, ensure you follow the standard procedures for changing bank details before taking any action. If it’s at home, use your own information to contact and verify details with the genuine third party – particularly for online payments. 

How to report scam messages and calls and get support

If you’ve received a suspicious phone call, text message, interaction via social media or email, you should report it. Even if you spotted it and didn’t give them any information, it could reduce the amount of scam communications you receive and help protect others from cyber crime online.

  1. Does it mention Evri? Please be aware we cannot prevent you receiving fraudulent messages, but we can help to deal with them when reported.

    a) If the suspicious email mentions Evri, please report it to us at phishing@evri.com. Whilst we will not reply to you directly, we will work with our partners to investigate and take down any associated fraudulent websites.
    b) Similarly, if a suspicious text message mentions Evri, please take a screenshot/photo and send it to us at phishing@evri.com.
    c) If your query is about data privacy and our use of your data, you can submit this here.
    d) If your query is about a parcel you have sent or are due to receive/have received from Evri, please refer to the FAQs.
  2. If you have received other emails you think are scams, forward them to report@phishing.gov.uk
  3. Report a text message you think is a scam (smishing) by forwarding it to 7726 (it’s free).
  4. For malicious calls and if you’ve been the victim of any fraud, report it to ActionFraud on https://www.actionfraud.police.uk/
  5. If you have provided your bank details, we recommend that you contact your bank straight away and advise them you were a potential victim of fraud
  6. If you've been the victim of crime, you can also contact the charity Victim Support for free, who are available for confidential support and information on https://www.victimsupport.org.uk/

To help protect yourself online, use your usual search engine to visit NCSC and Getsafeonline

man carrying parcels walking through door to local shop

How we protect our customers’ data

Customer data is important to us at Evri, that’s why we wanted to reassure you that we take your data security seriously.
Here are some of our activities you can depend on:

  • As we become aware of fake Evri websites or social media profiles we work with our partners to get them taken down
  • We conduct ongoing security testing against our systems that process customer data, in order to confirm your information remains secure
  • We also secure customers’ own Evri accounts by monitoring and blocking suspicious logon attempts
  • Internally we ensure only those Evri colleagues who need access to your data have it and we provide guidance and training to them to ensure they know how to handle it appropriately and in line with GDPR requirements. We understand and have defined legal bases for all of our processing activity

If you have questions about your own personal data held or processed by Evri, you can find contact information here.