Phishing email scams target ‘vulnerable people’ says expert
The scam has been classed by DPD as "phishing", where cybercriminals "fish" for people's usernames, passwords, bank or financial information. This has seen people receive an email with a notification, alert or request for information from a website similar to that of DPD. Cybercriminals will often force a sense of urgency to make people click on links included in the email but when they enter their details, they are immediately passed to a fraudster.
DPD said people are also often asked to download software or install a file onto their device, "often under the pretence of creating or changing a label".
But in doing so, the person runs the risk of infecting their device with a virus, malware or ransomware that very often puts other files and data at severe risk.
In one example seen by Express.co.uk, a customer was sent an email with the subject line: "Your parcel is on hold - Ticket:[XXXXXX] Important information about your parcel | Your DPD.co.uk order of "DPD Postal service Team UK..." and 1 more item(s) has been dispatched."
The message states: "Due to a lack of complete address information, we have been unable to deliver your parcel.
DPD has warned customers to beware of a new 'payment fraud scam'
Cybercriminals are targeting DPD customers with the phishing scam
"We require additional details to attempt re-delivery of this parcel, as the address provided appears to be incomplete.
"Please provide the complete information for this address to attempt redelivery.
"Currently, your parcel is being stored in our local depot.
Customers are receiving emails claiming to be from DPD
The email provides two options for the customer - update and complete the delivery address; or arrange delivery to a new address.
The message adds: "Fees will apply for any arranged redelivery, the details of which are included in the links above.
"If your preference is to pick up your parcel in person, you can do so from our depot at Frogmore Industrial Estate, Acton Ln, Park Royal London NW10 7NQ.
"If you`d like to contact us directly, please do not respond to this automated email.
DPD has 'recently been made aware of a payment fraud scam'
DPD has advised customers how to spot a phishing email
"Instead, contact us on our contact form quoting this specific parcel number provided above.Kind regards, DPDgroup."
In a final attempt to make the request sound legitimate, the email concludes: "This e-mail was sent to you by DPDgroup. Please do not reply directly to this address."
But in a message on its website, DPD said it had been made aware of a "payment fraud scam requesting payment for the delivery of a parcel", while providing two examples for customers to view.
The parcel delivery service warned: "We have recently been made aware of a payment fraud scam requesting payment for the delivery of a parcel, with some examples shown below.
"These messages do not come from DPD and if you have been a victim or paid money please contact Action Fraud."
DPD has also advised customers how to identify a phishing email and to avoid becoming a victim of such a payment fraud scam.
People are asked to look out for poor language used in the email, such as badly written text with spelling and grammatical errors, while the person will normally be addressed as "Dear Customer" or "Dear Sir/Madam".
The message will also be sent from a "vague" email and will look different from the valid dpd.co.uk, dpdlocal.co.uk or dpdgroup.co.uk addresses.
Any emails will also likely contain several links and buttons that urge people to click on them.
DPD admitted: "Unfortunately we cannot prevent cybercriminals from targeting you in this way.
"We use industry-leading tools and services to detect, prevent and deter these attacks, and updates and alerts will be sent to customers or available from this page."
The parcel delivery service advises anyone who thinks they have been a victim of online fraud to report it on the Action Fraud website.