Thousands of UK consumers are being targeted by sophisticated text message scams impersonating Evri, the courier delivery service formerly known as Hermes. These fraudulent messages, which often coincide with legitimate deliveries, are tricking recipients into sharing personal and financial information through fake websites designed to steal sensitive data.
The Growing Threat of Evri Package Delivery Scam Texts
Delivery scam texts have become increasingly common as online shopping continues to dominate retail. According to Action Fraud, parcel and delivery service impersonation scams increased by 83% in 2023 alone, with courier services like Evri, Royal Mail, and DPD being the most frequently impersonated brands.
What makes these scams particularly effective is their timing. Many recipients report receiving these fraudulent texts on the same day they’re expecting legitimate Evri deliveries, suggesting either coincidental mass messaging or potentially compromised delivery information.
“These messages are designed to create a sense of urgency,” explains cybersecurity expert Maya Thompson. “When people are expecting a package, they’re more likely to act quickly without checking for the warning signs of a scam.”
Common Fraudulent Text Message / Email Patterns
Scam texts impersonating Evri follow several recognizable patterns. Below are the most common variations identified from victim reports:
1. Evri Package Notification Scam
Evri Package Notification
Dear Customer,
Your Evri package has arrived at our local distribution center. Due to incomplete address information, we are temporarily unable to complete the delivery. Please click the following link to update your address information within 12 hours so that we can arrange re-delivery as soon as possible: [suspicious link]
To confirm your information update and process your package, please reply to this text message “Y”. You can also copy the link to your browser to access directly to get the latest progress on your package.
Thank you for choosing Evri. If you need further assistance, please feel free to contact our customer service team.
Best wishes,
Evri Team
2. EVRI Post Office Alert Text
EVRI Post Office: We regret to inform you that your package was not successfully delivered due to the incomplete address information provided. Please update your address details using the following link: [suspicious link]
Have a wonderful and enjoyable day!
3. EVRI Express Delivery Exception
EVRI express delivery exception notification. The courier cannot contact you when delivering the goods, and does not have your detailed address. Please update the address in the link as soon as possible so that your courier can deliver to you as soon as possible.
[suspicious link]
(Please reply Y, then exit the SMS, reopen the SMS activation link, or copy the link and open it in Safari browser) Have a great day, EVRI team!
4. Evri Reschedule Delivery Email/Text
The EVRI mail package has arrived at the warehouse and cannot be delivered due to incomplete address information. Please confirm your address in the link within 12 hours.
[suspicious link]
The EVRI mail team wishes you a wonderful day
Evri: Your package was not delivered because the delivery address was unclear. Your package has been returned to our distribution center. The cost of re-delivery will be borne by you. Please read the message and update the address in the link. We will ship again on August 08, 2024
[malicious link]
5. Evri Parcel Drop-off Tracking Alert
Evri: Your parcel [random number] is waiting at our local depot. Due to failed delivery attempt, please reschedule using: [suspicious link]
A small fee of £1.99 will be charged for redelivery. Thank you for your cooperation.
Reported Fraudulent Contact Information
Victims have reported receiving these scam messages from various sources:
| Type of Contact | Examples Reported |
|---|---|
| UK Mobile Numbers | 07944 852975, 07301 161179, 07723 459831 and Several other |
| International Numbers | +255 778 037 284 (Tanzania), +39 351 878 4567 (Italy) |
| iMessage Email Addresses | [email protected], [email protected] and more |
| Fake Websites |
Official Statement from Evri
Evri has acknowledged the ongoing scam campaign targeting its customers. On their official website, the company provides clear guidance on how to identify legitimate communications:
“Our text messages will NEVER ask you to reschedule a delivery or ask for payment to do so. We attempt all deliveries up to 3 times,” states Evri’s fraud prevention page. “Our text messages will only ever send a tracking link to our tracking page at Evri.com. If you are unsure, do not click the link.”
The company emphasizes that legitimate Evri text messages will only ever come from “Evri” as the sender identifier, not from a mobile phone number or email address.
Red Flags: How to Identify Evri Scam Messages
According to the National Cyber Security Centre (NCSC) and Evri’s official guidance, consumers should watch for these telltale signs of fraudulent messages:
- Sender information: Legitimate Evri texts come from “Evri” as the sender, not a mobile number or email address.
- Unusual urgency: Scam messages typically create artificial time pressure with phrases like “within 12 hours” or “as soon as possible.”
- Payment requests: Evri never requests payment for redelivery in their text messages.
- Suspicious links: Legitimate Evri messages only contain links to evri.com. Any other domain (like evrinr.top or evri-serve.buzz) is fraudulent.
- Poor language: Many scam messages contain unusual phrasing, grammatical errors, or overly formal language like “The EVRI mail team wishes you a wonderful day.”
- Request to reply “Y”: This is a technique used by scammers to bypass SMS security filters and should be considered highly suspicious.
- Lack of specific tracking information: Legitimate delivery notifications include specific tracking numbers or order references.
Suspicious Coincidences Raise Data Security Questions
One concerning aspect of this scam campaign is the timing of messages. Multiple Reddit users have reported receiving these fraudulent texts on the same day they were expecting legitimate Evri deliveries, raising questions about possible data breaches.
“I had an evri delivery fail at 2pm. Got this text at 7pm. Coincidence? It’s really dodgy,” wrote one Reddit user.
Another commented: “I have a msg on WhatsApp that my parcel is being held have to give my details as they don’t have all the details to deliver or something. I do have two parcels on the way today but I’m going to wait.”
While Evri has not confirmed any data breach, the pattern has led some to speculate about compromised delivery information, either through technical vulnerabilities or potential insider involvement.
Consequences for Victims
Those who fall victim to these scams face serious consequences. Many Reddit users report having their financial information stolen after entering card details on fake websites.
“I put my payment and information on there but it didn’t go through,” wrote one victim seeking help. Another user advised: “Hopefully it’s not too late, but you’d be best cancelling that card and getting a new one, they’ll likely have saved your card details and sell them onto other scammers.”
The scam typically works in two phases:
- Victims enter personal information including name, address, and phone number
- The fake site then requests a small payment (usually £1.99-£2.99) for “redelivery fees”
- When payment details are entered, scammers capture the card information
How to Protect Yourself from Delivery Scams
The NCSC and cybersecurity experts recommend these steps to protect yourself:
Immediate Actions if You Receive a Suspicious Message
- Do not click on any links in unexpected text messages
- Report the message by forwarding it to 7726 (UK’s spam reporting service)
- Report to Evri at [email protected]
- Delete the message
- Block the sender
If You’ve Already Clicked a Link or Shared Information
- If you’ve installed any app: Perform a factory reset on your device (without backing up first)
- If you’ve entered financial details: Contact your bank immediately to cancel your card
- Change passwords for any accounts you logged into after clicking the link
- Enable two-factor authentication on important accounts
- Monitor your accounts for suspicious activity
Prevention Measures
- Check delivery status only through official channels:
- The official Evri website (www.evri.com)
- The official Evri app downloaded from legitimate app stores
- Keep your device’s operating system and security software updated
- Be skeptical of any delivery messages creating urgency
- Remember that coincidences happen—just because you’re expecting a delivery doesn’t mean the text is legitimate
The Broader Context of Smishing Attacks
These Evri scams are part of a larger trend of “smishing” (SMS phishing) attacks targeting consumers. Delivery services are particularly attractive for scammers because nearly everyone receives packages regularly.
“The success of these scams relies on volume,” explains digital security consultant James Nguyen. “They send thousands of messages knowing that a percentage of recipients will be expecting deliveries. Even a small success rate makes it profitable for criminals.”
The UK’s NCSC warns that these scams tend to increase during busy shopping periods like Black Friday and Christmas when more people are expecting deliveries.
Conclusion: Vigilance is Key
As online shopping continues to grow, delivery-related scams are likely to remain a persistent threat. The sophistication of these scams—including potential targeting based on actual delivery information—makes them particularly dangerous.
By understanding the patterns, recognizing the warning signs, and following official guidance from Evri and cybersecurity authorities, consumers can better protect themselves from falling victim to these increasingly convincing scams.
Remember: legitimate delivery companies will never ask you to pay for redelivery via text message, and when in doubt, always go directly to the official website or app rather than clicking on links in unexpected messages.
If you believe you’ve been targeted by a scam text, report it to the National Cyber Security Centre by forwarding the message to 7726 and contact your bank immediately if you’ve shared financial information.
