Surge in WhatsApp Delivery Scams Targets UK Consumers,Exploiting Evri brand

Consumer watchdog Which? has warned of a meaningful increase in sophisticated WhatsApp scams,with fraudsters leveraging compromised business accounts to distribute deceptive messages about failed deliveries. These messages lure unsuspecting individuals to meticulously crafted copycat websites designed to steal personal and financial information.

The scams primarily target deliveries purportedly from Evri, a major UK parcel delivery organization that handles approximately 700 million packages annually. Scammers send messages informing recipients of a missed delivery, prompting users to click a link to “reschedule a new delivery.” A key indicator of these scams is frequently enough poor grammar and writing quality. Crucially, the provided links do not direct users to Evri’s official website, evri.com.

Evri has emerged as a prime target for fraudsters, ranking among the top five delivery brands most frequently impersonated. One particularly convincing scam site utilized up-to-date branding and logos,aggressively soliciting sensitive data including names,phone numbers,dates of birth,addresses,and bank card details. This information, once obtained, can be exploited for a wide range of malicious purposes.

How to Identify Scam websites

Which? offers several crucial steps to help consumers identify and avoid falling victim to these scams:

• Domain Creation Date: “Type it into who.is to see when it was created as newly formed websites should be a red flag,” advises Which?.A recent check of a site impersonating Evri revealed it was registered less than a week prior to discovery.
• web Address Verification: Consumers should exercise caution with any website address that deviates from a brand’s official domain. Most established brands maintain a single, official online presence.
• Broken Links: Scam websites frequently enough contain non-functional links, serving as a clear indication of their fraudulent nature. On the fraudulent Evri site, all links were reportedly “dead links,” designed solely to collect user data.

Individuals who encounter suspected scam websites are encouraged to report them to the National Cyber Security Center (NCSC) via its website. WhatsApp users can also block and report suspicious senders directly within the app by tapping on the sender’s account and selecting the appropriate options.

Financial Impact and Reporting

The financial toll of these scams is ample. Reports indicate that approximately £11.4 billion was stolen from UK customers through scams in the 12 months leading up to November 2024, with “rogue delivery messages, shopping and investment” schemes being the most prevalent. Victims lost an average of £1,400, and half reported experiencing significant emotional distress consequently. Alarmingly, 71% of those affected failed to report the incidents to law enforcement.

If you have been a victim of a scam, it is imperative to immediately contact your bank using the number on the back of your card and report the incident to Action Fraud.In Scotland, individuals should contact the police on 101.

Vulnerability and Emerging Threats

Which? notes that individuals experiencing recent changes in their health or personal circumstances may be particularly vulnerable to scams.A vulnerability assessment tool is available to help individuals gauge their risk.

Recently, scammers even attempted to create a fraudulent website mimicking Which? itself, though it was subsequently taken down. To ensure you are accessing the legitimate Which? website,verify that the address is which.co.uk, including subdomains like computing.which.co.uk.

Which? also recommends vigilance regarding unsolicited requests or messages, even from seemingly trusted contacts. confirming the authenticity of such communications through a known phone number is crucial. Furthermore, consumers should exercise caution with online advertisements, as scammers frequently utilize paid placements on social media platforms.A domain checker like ICANN Lookup can reveal a website’s creation date; the genuine Which? website was established in July 1995.

individuals who encounter scams can contribute to collective awareness by sharing details using a dedicated scam sharer tool.