Beware of Royal Mail email scam

Message sent by
Action Fraud (Action Fraud, Administrator, National)


Royal Mail Email Scam
A scam email is currently being sent to victims fraudulently claiming to be from the Royal Mail. Attached to the email is the CryptoLocker virus.

The victim receives an email purporting to be from the Royal Mail stating that they are holding a parcel/letter for the victim. The victim is then required to contact the Royal Mail to arrange for the item to be resent/collected.

By following the instructions within the email the CryptoLocker virus is subsequently downloaded to the victim’s computer. This virus encrypts files on the victim’s system and requests a ransom be paid in order for the files to be decrypted.

Additional incentive is added for early repayment as the ransomware states that the cost of decrypting the files will increase the longer the fine is outstanding.

Protect yourself:

  • Look at who the email is addressed to. Is it generic or specifically addressed?
  • Look at the quality of the images included on the email. Are they of sufficient high quality that they could come from Royal Mail?
  • Do not open attachments from unsolicited emails regardless of who they are from.
  • Do not click on the link supplied. Instead, go to the relevant website and log in from there.
  • Check the address of any email received to see if it appears legitimate.


If you believe that you have been a victim of fraud you can report it online http://www.actionfraud.police.uk/report_fraud or by telephone 0300 123 2040

One thought on “Beware of Royal Mail email scam”

  1. Update from Tanswell Technology: We at Tanswell Technology Ltd have also seen one successful infection of Cryptowall from a similar email with an infected link purporting to be from British Gas. This is a new strategy and the emails are well crafted to bypass many spam and gateway virus protection systems as they actually contain no viruses. Remember people, log into your account from the provider’s website and not from email links. There is no current cure for Cryptowall/Cryptolocker 3.0 other than paying the huge ransom and hoping they provide the decrypt code.

Leave a Reply

The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.