Fake Delivery Texts in the United Kingdom
How smishing messages impersonating Royal Mail, Evri, DPD, and other UK carriers are used to harvest card details and personal data — with UK-specific reporting routes.
Part of: Fake Delivery Texts
Last reviewed: 1 June 2026
Fake delivery notification texts are among the most widely received scam messages in the United Kingdom. They arrive claiming a parcel could not be delivered, that a customs fee is owed, or that delivery preferences need updating — and direct recipients to a convincing fake website that collects card details or personal information.
Because the UK has a high volume of online shopping and a small number of dominant carriers, impersonating Royal Mail or Evri is particularly effective: most UK residents are expecting at least one delivery at any given time. This guide covers the specific UK carrier brands targeted, the regulatory context, and the correct reporting routes including Action Fraud and the 7726 SPAM text service.
How this scam works on the United Kingdom
The most commonly impersonated UK brands in fake delivery texts are Royal Mail, Evri (formerly Hermes), DPD, and Parcelforce. Texts typically claim a small fee — often £1.99 or £2.99 — is owed for customs, redelivery, or a storage charge, and include a link to a fake site that mirrors the carrier's genuine branding.
The payment page on the fake site captures full card details, billing address, and sometimes a second authentication code sent to the victim's phone (entered into the fake site in a real-time relay attack against the real card network). In more elaborate variants, the site also requests driving licence or passport details under the pretence of 'identity verification for customs.'
The National Cyber Security Centre (NCSC) and Action Fraud regularly publish warnings about these campaigns, and the 7726 SPAM reporting number is promoted by UK mobile operators as a primary first step for recipients.
Common red flags
- Unexpected text from Royal Mail, Evri, DPD, or Parcelforce with a link to pay a small fee
- URL in the text does not end in .co.uk or .com for the genuine carrier's known domain
- Request for full card details on a website you reached via a text link
- Request for a one-time passcode sent to your phone — enter it only on the bank's genuine site, never on a site you reached via a text
- Text arrives when you are not expecting a delivery
How to protect yourself
- Never click a link in an unexpected delivery text — go directly to the carrier's official website to track your parcel
- Royal Mail's official site is royalmail.com; Evri is evri.com — type these yourself
- UK carriers rarely charge a fee via text — check the carrier's official site directly if you believe a genuine charge applies
- Forward suspicious texts to 7726 (SPAM) — this is the UK's free carrier-reporting service
- Enable two-factor authentication on your email and bank accounts so that credential theft has limited downstream impact
How to report it
- Forward the scam text to 7726 (SPAM) — free on all major UK networks
- Report to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040
- Report the phishing website to the NCSC using the Suspicious Email Reporting Service: [email protected] (also accepts websites via the same address)
- If card details were entered, contact your bank immediately using the number on the back of your card
Frequently asked questions
Does Royal Mail ever send texts asking for payment via a link?
Royal Mail may send delivery notification texts, but these do not ask for card payment via a link in the message. If a customs charge applies, Royal Mail uses a card payment facility on their official royalmail.com site, not a link in a text. When in doubt, track your parcel directly on royalmail.com.
What is 7726 and how does it help?
7726 spells SPAM on a phone keypad. Forwarding a suspicious text to this number sends it to your mobile carrier, who can investigate and block the sending number. It is free to use on all major UK networks and takes seconds to do.