top of page

Delivery Fraud: don’t let fraudsters steal your Christmas

As the festive season gathers pace and our inboxes light up with order confirmations, delivery updates, and tracking alerts, there’s something else rising sharply too: delivery-related fraud.


ree

Scammers know that millions of us are shopping online for gifts, decorations, food, and festive treats — and they’re exploiting that surge to try to steal money and personal information.


Here’s why delivery fraud spikes at Christmas, what it looks like, and — most importantly — how you can stay vigilant and protected.


Why Christmas Is Prime Time for Delivery Scams and Online Fraud


At Christmas, online shopping and parcel deliveries increase dramatically. With thousands of new orders heading to homes every day, people are more likely to be distracted, tired, or in a rush. Criminals exploit this by mimicking delivery companies, sending fake alerts, and using emotional triggers to get you to act without thinking - increasing the chances you’ll click on a scam link or hand over financial details.


Recent warnings from UK Finance suggest criminals could steal up to £100 million in December alone, with many scams tied to fake parcel delivery messages and impersonation frauds.


What Delivery Fraud Looks Like


Scammers use a range of clever tactics, including:


Fake delivery emails and texts


You might get a message claiming a parcel couldn’t be delivered and asking you to “pay a small fee” to reschedule, or to verify your details via a link. These messages often use real branding and look convincing - but the links go to fake sites designed to steal your personal and financial information.


Impersonation calls or follow-ups


Once you’ve clicked or shared data, fraudsters may call you, pretending to be from your bank’s fraud team and asking you to move your money to a “safe account” - which is actually theirs.


“Spray and pay” scams


Mass text campaigns that link to spoof delivery tracking pages, prompting payments and capturing data.


Malware links


Some texts try to get you to download apps or software that secretly install malware and harvest your credentials.


ree

Top Tips to Protect Yourself (NCSC & Supporting Guidance)


Staying safe isn’t just about luck - there are practical steps everyone can take:


1. Think Before You Click


Never click links in unexpected delivery emails or SMS messages. Instead, go directly to the courier or retailer website by typing the address into your browser.


2. Strengthen Your Accounts


Use strong, unique passwords and enable two-step verification (2SV) on your email and shopping accounts - as recommended by the NCSC.


3. Check Before You Buy


Only shop with trusted retailers and check reviews if you’re buying from a site you haven’t used before. Look for “HTTPS” and the padlock icon in the browser bar.


4. Use Secure Payment Methods


Pay with a credit card where possible, as many providers offer purchase protection if something goes wrong.


5. Report Suspicious Messages


Forward scam texts to 7726 - a free UK service that helps phone networks identify and block fraudulent campaigns. You can also send suspicious emails to report@phishing.gov.uk


6. Take Five to Stop Fraud


Pause and think before divulging personal or financial information, especially if you’re feeling pressured or rushed. This simple principle is at the heart of the Take Five to Stop Fraud campaign supported by the EMCRC and UK Finance.


Stay Alert - It’s Part of a Bigger Picture


Delivery fraud is just one part of the broader rise in online scams during the holidays. Trading Standards and consumer protection bodies also warn about fake deals, counterfeit goods, and scams that promise gifts or services that never arrive.


The festive season should be one of joy, not stress or loss. By staying vigilant, questioning unexpected messages, and sticking to trusted sites and services, you can enjoy the convenience of online shopping without giving fraudsters a merry Christmas at your expense.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


 
 
 

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page