“Simon attempted to deliver today your parcel but no one answrerd. Reschedule at: https://postoffice-depot38.com”.
If you’re anything like me you’ll get two to three of these a week. I didn’t follow the link but no doubt if I had then I’d be expected to divulge some sort of payment or some password.
It’s obviously fake from the website link, and whenever I receive one that’s the first thing I look at. Web addresses are both easy and hard to fake. They end in a top level domain that is commonplace across many websites:
- .com
- .co.uk
- .org
- .net
In this case it is a .com top level domain, as are millions of other websites. It’s worth noting there are many - probably too many - top level domains; a comprehensive list can be found on Wikipedia.
The next part, postoffice-depot38, is the second level domain. This is the part that uniquely identifies the organisation and it is hard to fake, which is why the scammers have used the name postoffice-depot38 - there is no way they can fake the combination of top level and second level domain, royalmail.com. Any link ending in that will always go to the Royal Mail website - whether they were expecting it or not.
It’s just possible that someone could use another top level domain such as “.biz”, e.g. royalmail.biz, but most large, public-facing organisations that care about their reputation will have already bought those, so the chances are that royalmail.biz is owned by the Royal Mail, although they may not use it.
Another way of fooling people is to put royalmail into the next level up - typically called the host name e.g.
royalmail.return-deliveries.com
In this case someone has purchased the domain name return-deliveries.com and then set up a server called royalmail.return-deliveries.com, which is very easy to do. Once they own return-deliveries.com they could just as easily set up dhs.return-deliveries.com or parcelforce.return-deliveries.com.
As a scam this is still easy to spot. The only thing you need to know is that the link and any information you divulge to that link is going to someone who owns “return-deliveries.com”.
In a nutshell:
royalmail.return-deliveries.com is a web address owned by return-deliveries.com
return-deliveries.royalmail.com is a web address owned by royalmail.com
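
The same check written as code, as an added example that is not part of the original post: it strips a link down to the second level and top level domain and compares that with the organisation you expected. The function names and the small `TWO_LABEL_SUFFIXES` table are assumptions made for this sketch; a real tool should use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny table for this example (an assumption):
# suffixes like co.uk take two labels. Real code should use the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk"}


def registrable_domain(url):
    """Return the owner-identifying part of a link: second level + top level domain."""
    host = urlsplit(url).hostname  # drops the scheme, port and path; lower-cases
    if not host:
        raise ValueError(f"no host name in {url!r}")
    labels = host.rstrip(".").split(".")
    # With a suffix such as co.uk the owner's name sits three labels from the end.
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    if len(labels) < keep:
        raise ValueError(f"{host!r} is not a full domain name")
    return ".".join(labels[-keep:])


def owned_by(url, expected):
    """True only when the link's registrable domain is exactly `expected`."""
    return registrable_domain(url) == expected.lower()


# Constructed sample links built from the names used in the post.
SAMPLES = [
    "https://postoffice-depot38.com",
    "https://royalmail.return-deliveries.com/reschedule",
    "https://parcelforce.return-deliveries.com/reschedule",
    "https://return-deliveries.royalmail.com/reschedule",
    "https://royalmail.biz/",
    "https://royalmail.return-deliveries.co.uk/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        owner = registrable_domain(link)
        verdict = "matches" if owned_by(link, "royalmail.com") else "does NOT match"
        print(f"{owner:26} {verdict:15} royalmail.com   <- {link}")
```

Everything to the left of the registrable domain is chosen freely by whoever owns it, which is why the comparison is an exact match on that part and not a search for the word "royalmail" anywhere in the link.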