Courier Scams – How They Work and How to Fight Them

The ‘courier scam’ is a global issue that intensified during the pandemic and presented another worrying trend in the world of digital payments and card scams. Courier scams have long been a problem, but the threat and persistence of scammers has gathered momentum in recent months, as fraudsters have found continued success and will persevere with the ‘winning’ formula while they can still find a victim that will fall to their schemes.

But why is this same attack repeated with such frequency and what can we do to increase security and be more resilient to the threat?

The Scam

The scam is simple – an alert SMS or email comes out of the blue from an unknown number or address, notifying the target that they have missed a delivery and that it will need to be re-arranged with the courier. These typically reference the largest of the local delivery and courier companies or even the central mailing services within the attack region. When the victim follows the link to re-arrange their fake delivery, they are asked for a host of personal information including credit card details to cover a fee for redelivery. These scams are very successful — here’s how they work:

1. A fraudster will always imitate a legitimate company to generate maximum potential to find a victim. This is why tax entities and home utilities are always a popular target for fraudsters, but during COVID-19 lockdowns, consumers lives were forced to be remote – which brought with it an increase in the use of courier services to meet the exploding demand of customers purchasing from e-commerce channels. Mix this increase in consumer demand with the fact that most customers purchase from a vendor they know, but they do not know who will be delivering the item, and you have a rich and varied target set for the fraudster. This remains an issue today, as whilst there is no requirement to stay home from a safety perspective, many consumers have maintained hybrid working models amid new flexible schemes and the closure of many office locations.

Fake webpage for Royal Mail

2. Like many modern card and e-commerce frauds, the scam itself contains a range of attack vectors in a single place. This includes phishing of account-level and personal information as well as compromising the PAN / CVV for use in a fast-following fraud attack. It is also becoming more common that these attacks are part of a unified scam whereby high-value fraudulent goods are being ordered in the background, with the customer then tricked into completing the authentication steps prompted by their ‘redelivery’.

3. Creating a multi-layered and extremely convincing, yet fake web page to mimic real services is easier than ever before. Mass communication methods by SMS or email are commonplace and often incredibly low cost – a service that is enjoyed by fraudsters and genuine companies alike. It is also quicker and easier than ever before to purchase and design a high-quality web domain. Even more troublesome is that in many instances, the design provides an offering for fraudulent mobile applications. All of these scams are low-cost, but highly effective.

Example from FedEx Recognize & Report Fraud page

The Financial Gain for Scammers

The final point is the financial success to the fraudster. They can build and publish these scam web pages and send mass communications incredibly quickly, with little to no checks completed prior to their onboarding. These fraudulent services run as legitimate businesses until a customer reports the fake service to law enforcement and industry groups.

The enforcement activity is then to block access to those web domains, which requires a collaboration between ISPs to prevent more victims falling for the scam. All of this takes time, often several weeks, all while the scammers continue to defraud more and more victims. Once they’re stopped, they can create a new attack at lightning speed.

How to Prevent and Protect against Courier Scams

To get ahead of these scams, we must encourage more reporting and better collaboration in the fight against such frauds along with continuing to strengthen controls around data compromise detection which forms the basis of preventing and protecting against these threats. As with all types of fraud, combining intelligence and fraud prevention efforts will always win out against the scammer. This approach has underpinned the best-in-class performance of FICO for over 30 years.

FICO is investing heavily in the global fight against fraud scams. We have award-winning analytic models to profile and identify scams, built on the global community of FICO Falcon Fraud Manager customers, the FICO Falcon Intelligence Network. This is the first model of its kind globally and represents an exciting development in beating back the ever-increasing threat of cross-channel scams.

Your customers must be warned and given the appropriate routes in which to easily report such scams to ensure enforcement activity happens quicker. Services such as Action Fraud in the UK, the Better Business Bureau (BBB) in the US and each individual delivery company are great examples of such reporting.

However, it is also incumbent on the banks to do more to remove silos and offer a more complete and holistic view of emerging fraud across their entire enterprise. Taking advantage of consortium data sets for all fraud types and scams is also essential to deal with this modern threat.

Learn More About How FICO Helps You Stop More Fraud

• Read the FICO Global Fraud Report 2023
• Visit the FICO.Com Protect and Comply Web Pages
• Read the 2023 Scams Impact Survey Whitepaper

Note: This is an update of a post originally published in May 2021.