Courier Scams – How They Work and How to Fight Them

Courier scams have long been a problem, but the threat has gathered momentum in recent months

The ‘courier scam’ is a global issue that intensified late last year and presented another worrying trend in the new world of digital payments and card scams. Courier scams have long been a problem, but the threat has gathered momentum in recent months, as fraudsters have found a lot of success and will continue the ‘winning’ formula while they still can find a victim that will fall to their schemes.

But why is this same attack repeated with such frequency and what can we do to be more resilient to the threat?

The Scheme

The attack is simple – an SMS or email comes out of the blue from an unknown number or address, notifying the target that they have missed a delivery and that it will need to be re-arranged. These typically reference the largest of the local delivery companies or even the central mailing services within the attack region. When the victim follows the link to re-arrange their fake delivery, they are asked for a host of information along with a fee for redelivery. These scams are very successful — here’s how they work:

1. A fraudster will always imitate a company to generate maximum potential to find a victim. This is why tax entities and home utilities are always a popular target for fraudsters, but during COVID-19 lockdowns, our lives were forced to be remote – which brought with it an increase in the use of courier services to meet the exploding demand of customers purchasing from e-commerce channels. Mix this increase in consumer demand with the fact that most customers purchase from a vendor they know, but they do not know who will be delivering the item, and you have a rich and varied target set for the fraudster.

Fake webpage for Royal Mail
Fake webpage for Royal Mail

2. Like many modern card and e-commerce frauds, the scam itself contains a range of attack vectors in a single place. This includes phishing of personal and account-level information as well as compromising the PAN / CVV for use in a fast-following fraud attack. It is also becoming more common that these attacks are part of a unified scam whereby high-value fraudulent goods are being ordered in the background, with the customer then tricked into completing the authentication steps prompted by their ‘redelivery’.

Example from FedEx Recognize & Report Fraud page

3. Creating a multi-layered and extremely convincing web page to mimic genuine services is easier than ever before. Mass communication methods by SMS or email are commonplace and often incredibly low cost – a service that is enjoyed by fraudsters and genuine companies alike. It is also quicker and easier than ever to purchase and design a high-quality web domain and even more troublesome is that in many instances, the design includes an offering for fraudulent mobile applications. All of these schemes are low-cost, but highly effective.

Example from FedEx Recognize & Report Fraud page
Example from FedEx Recognize & Report Fraud page


The Financial Gain

The final point is the financial success to the fraudster. They can build and publish these scam web pages and send mass communications incredibly quickly, with little to no checks completed prior to their onboarding. These fraudulent services run as legitimate businesses until a customer reports the illegitimate service to law enforcement and industry groups.

The enforcement activity is then to block access to those web domains, which requires a collaboration between ISPs in order to prevent more victims falling for the scam. All of this takes time, often several weeks, all the while the fraudsters continue to defraud more and more victims. Once they’re stopped, they can create a new attack at lightning speed.

How to Fight Back

To get ahead of these attacks, we must encourage more reporting and better collaboration in the fight against such frauds along with continuing to strengthen controls around data compromise detection which forms the basis of targeting these threats. As with all types of fraud, combining intelligence and fraud prevention efforts will always win out against the fraudster. This approach has underpinned the best-in-class performance of FICO for over 30 years.

FICO is investing heavily in the global fight against fraud scams. This week we launched the first analytic models to profile and identify scams, built on the global community of Falcon Fraud Manager customers, the FICO Falcon Intelligence Network. This is the first model of its kind globally and represents an exciting development in beating back the ever-increasing threat of cross-channel scams.

Your customers must be warned and given the appropriate routes in which to easily report such scams to ensure enforcement activity happens quicker. Services such as Action Fraud in the UK, the Better Business Bureau (BBB) in the US and each individual delivery company are great example of such reporting.

But it is also incumbent on the banks to do more to remove silos and offer a more complete and holistic view of emerging fraud across their entire enterprise. Taking advantage of consortium data sets [DS1] for all fraud types and scams is also essential to deal with this modern threat.

To learn more about how FICO helps organizations fight fraud visit our website. and/or connect with me on LinkedIn. LinkedIn Profile: Toby Carlin.

chevron_leftBlog home

Related posts

Take the next step

Connect with FICO for answers to all your product and solution questions. Interested in becoming a business partner? Contact us to learn more. We look forward to hearing from you.