Real Delivery Locker Code vs Locker Phishing
Tell a genuine parcel locker access code from a phishing text exploiting the parcel-locker format.
Last reviewed: 1 June 2026
Parcel lockers work well, and the codes they send are genuine almost every time. A real one follows an order you remember placing, arrives from the carrier or retailer you expect, and does exactly one thing: it opens a door when you type it into the keypad. There is no fee and nothing to activate. Locker phishing is convincing because parcels arrive in a blur, especially in a household where several people order things, and because a short code alongside a tracking link is precisely what you are used to seeing. The distinction to hold on to is that a genuine locker code needs no website at all. If a message wants you to click, log in, or pay before the code will work, the code is not the point of the message.
Side-by-side comparison
| Real locker code | Locker phishing | |
|---|---|---|
| Trigger | Arrives after you placed an order and the carrier confirms delivery to a locker | Arrives unexpectedly with no order to match it to |
| Action required | Enter the code at the locker keypad; no login or payment needed | Asks you to click a link, pay a fee, or log in to 'release' the parcel |
| Sender | Recognised shortcode or official email domain of the carrier or retailer | Generic mobile number or lookalike domain |
| Fee | No fee to collect from a locker you booked | Claims a customs or redelivery fee is required before the code works |
| Code format | Code works at the locker with no additional steps | Code is presented alongside a link 'to activate it' |
Common red flags
- A fee required to activate or use the locker code
- A link to a website to 'complete' collection
- Locker code arrives with no corresponding order in your account
- Sender number or domain does not match the official carrier
- Urgency threatening that the locker will be reallocated within the hour
Verification steps
- Check your order confirmation email or the retailer's app to verify that a locker delivery was scheduled
- Do not follow any link — go straight to the locker with the code
- Check the carrier's official tracking tool using your order reference
- If the code does not work at the locker, contact the carrier through their official app
What not to do
- Don't click any link in a locker code message
- Don't pay any fee to use a locker code
- Don't enter personal or card details to 'activate' a code
A safe response
Do not open the link. If you think a parcel really is waiting, check your order history in the retailer's app or the carrier's official app, opening both yourself rather than through the message. If a delivery is genuinely there, walk to the locker and type the code into the keypad. If the code fails, contact the carrier through their app. Delete anything that asked for a fee, and forward the text to 7726, which is free. If you already paid or entered card details, ring your bank on the number on the back of your card and report it to Action Fraud.
Frequently asked questions
I did order something and the message matches. Can it still be a scam?
Yes, and this is the hardest version to spot. Scammers send these texts in huge volumes, so some land on people genuinely expecting a parcel purely by chance. The coincidence feels like confirmation. Ignore the timing and judge the request instead. Check the delivery status in the retailer's or carrier's own app, and remember that a genuine locker code is used at the keypad and never requires a payment or a login through a text link.
I paid a small redelivery fee before I realised. Is a few pounds worth reporting?
Yes, and the fee is rarely the real objective. What they wanted was your card details and your confidence, and small charges are often followed by larger attempts or by a call claiming to be your bank. Ring your bank on the number on your card, tell them the details are compromised, and ask about replacing the card. Report it to Action Fraud. Small reports still help build the picture behind these campaigns.
Do locker codes ever require a link to activate?
No. Genuine locker codes work directly at the keypad. Any message asking you to click a link to activate a code is a phishing attempt.