IPHONE owners are being targeted with a ‘spray and pray’ iMessage attack that could fleece them of their hard-earned cash, parcel delivery firm Evri has warned.
The phishing messages comes from scammers posing as Evri – or representatives of the company – trying to collect a “nonsense” ‘redelivery fee’.
Scammers are sending these types of messages to thousands of iPhone owners via iMessage, in what Evri’s security chief Richa Bhuttar has called the “spray and pray” method.
This wide-net method is used to take “advantage of the millions of parcels we deliver to households every day,” says Bhuttar.
She added: “They know sending thousands of messages every day means some of them are likely to reach some people expecting a parcel.”
But Evri has revealed three red flags that will make it easy to spot a fake message and protect your accounts.
Evri's three red flags to spotting a fake iMessages
Evri - like other delivery companies - is regularly impersonated by cyber crooks looking to prey on innocent smartphone owners.
The firm works closely with a number of cybersecurity organisations, including the UK Government’s National Cyber Security Centre, to take down delivery scams as quickly as possible.
Three red flags Evri has outlined in fake iMessages are:
- Poor language
- A lack of personal greeting
- Unusual links
Scammers typically don’t have the best literacy skills – and their spelling and grammatical mistakes can make them easy to catch.
Legitimate Evri messages will always be spelled correctly – and will use the name that’s on your account.
Fake messages may instead begin with ‘Dear Customer’ or ‘Dear [your email address]’ instead of using your name.
Evri will also never include links in their text messages, except for a tracking link at this address: https://evri.link/.
However, Evri still encourages customers to practice caution when it comes to these links.
“Please be aware even if the link does show as https:/evri.link/… we cannot guarantee this is genuine,” the company writes in a help page on its website.
“If you are unsure do not click a link and do not enter any personal details.”
Tracking links will only ever ask for your order number – and not financial information.
According to Bhuttar, “Lots of these messages try to charge a ‘redelivery fee’ which is nonsense – we will attempt delivery three times before an item is returned and there is no charge.
“Gmail and Hotmail have pretty much got it nailed in terms of diverting phishing emails to quarantine folders whereas smaller mail providers seem to be less effective because their maturity is not at the same level.”
One victim of this scam told Which? in a 2022 report that she received a fake ‘redelivery’ text while waiting for a parcel from Evri.
She unfortunately entered her bank details – account number, sort code and CVC – into a form on the link provided, which allowed scammers to dip into her account to pay for a takeaway dinner.
Customers who fall victim to these kinds of attacks are urged to contact their bank immediately if they have passed over any financial details.
Evri also urged consumers to report suspicious activity on Evri’s website: evri.com/cyber-security.
All messages will be investigated with expert partners to take down associated fraudulent websites, according to the company.
Suspicious texts can also be reported by forwarding to
7226, which is free – or via Action Fraud on 0300 123 2040.
Read all the latest news, prices and rumours:
- iPhone 15
- Apple Watch 9
- Best iPhone apps and games of 2023
- Foldable iPhone rumours and leaks
- iPhone 16 rumours and release date
- iOS 18 features and rumours