Hermes Phishing Website (Fake Redelivery Scam)

Started by zx261242, May 13, 2022, 06:20 AM

Previous topic - Next topic
May 13, 2022, 06:20 AM Last Edit: Sep 16, 2022, 01:08 AM by zx261242
So I received a text from UK mobile number: +447734373958. The text reads:

We tried to deliver to you today and were unsuccessful, to reschedule visit https://myhermes.reattemptpackages.com/

Of course, this is a scam and can easily dismissed by looking at the URL and checking it with the actual Hermes website URL.

The first page showed an alert from google safe browsing, this means that someone has previously reported this to google.



The next page asks the user to confirm the postcode. It wouldn't matter what postcode was entered as the result will always be the same.



The next page of the fake Hermes website informs the user that they have missed a parcel.



This page would like your personal details to target you with more scams in the future:



The next page would love all your banking details, it's worth noting I'm not aware of any parcel companies in the United Kingdom that charge for any re-deliveries!



The final page on the fake Hermes website will confirm the scammer has all your important information!




My Avast picked this up straight away....

Like most phishing websites it started with a text message or two text messages in this case.

The first message came from +447305135343 with the message:

Hermes: Please confirm the redelivery date for your item at https://hermes.check-reschedule-online.com


The second text message came from +447305999739 with the following message:

Hermes: Sorry we missed you. To confirm new slot, please visit https://hermes.check-reschedule-online.com



So the Hermes phishing site is set up with one purpose to extract details from users including financial information.

The first page of the fake Hermes site asks the victim for a postcode



Next, the phishing site tells the user they have missed a delivery. This of course is NOT true



It's worth noting that hardly any links work on these fake websites, I find the scammers are too lazy to make working links. The only ones that work are the ones the scammer would like you to click on.



The following page on the fake Hermes site asks users to confirm their details. Again its worth noting you could write anything here as the scammer does not know who you are. The purpose of this website is to extract all the required details from you.



Next, the scammer would like your card details:



The final page is another load of nonsense, it informs the user that the parcel will be delivered the next day:





Hopefully posting examples like this can help others being scammed by these fraudsters

The latest one is doing the rounds. the text came from +447599693591 (07599693591) with the following message:

Evri: Your driver ADAM attempted to deliver your parcel today but was unsuccessful. Please rearrange your delivery via: https://evri-fee-parcel.web.app

Ive had a text message this morning from +447759708087 with the following message:

EVRI:Sorry we missed you, Our driver was unable to deliver your parcel. Please find further delivery options by following here: https://evri-trackit.com/
It did take me to a Evri phishing site. I know hermes changed their name to Evri a couple of months back

The site seems to be offline now though and it has already been reported to google safe browsing.

Another Evri phishing site is in action. Text messages are being sent from +447542836873 with the following message:

EVRI: Your parcel has been returned to our depot due to a failed delivery attempt. Please visit https://gb-evri.web.app to rearrange delivery.
The actual site will redirect you to the real Evri domain on desktop but on mobile, it shows the Evri phishing site.

A friend received this text today from mobile number +447593286308:

𝘃𝗿𝗶: Your parcel has a £1.45 𝘀𝗵𝗶𝗽𝗽𝗶𝗻𝗴 fee, to 𝗽𝗮𝘆 this now visit: evri-redelivered-fees.com. 𝗙𝗮𝗶𝗹𝘂𝗿𝗲 will result in your 𝗽𝗮𝗿𝗰𝗲𝗹 being 𝗿𝗲𝘁𝘂𝗿𝗻𝗲𝗱 to sender.