Posted on by Clive Catton

Delivery Scam

My personal delivery scam. 

I was working at my desk the other day, thinking about stopping for lunch, when I got the following text message: 

delivery scam text message Ervi

Now I was waiting for a delivery, I had ordered a camping kettle from AliExpress, but the last time I looked it was not scheduled to be delivered for two more days. I thought I would check the app, as I had been working with music on (Diana was out) and I could have missed a knock at the door – I was pretty sure a kettle would not go through the letterbox. 

AliExpress 

Now I am sure many of you will have opinions about the Chinese-owned AliExpress – this article is not about the ups and downs of using such a service – it is about the scam. However, have you ever cross-checked what you are buying on Amazon with AliExpress? You will soon see where that seller gets their stocks. 

On the AliExpress App – The scam continues… 

When I checked the app, I found out that my delivery had been brought forward to that day. Had I missed a knock? Was the music too loud? 

I went back to the text message and… 

Well, I stopped, but many would not have. 

The scam text message 

On examination I realised I did not like the sender address – pughnylah18594(at)gmail.com – the domain most easily abused by scammers. (Sorry Google, but you would have a hard time disproving that statement.) Would Evri really use that address? 

And the link – evri.psocyrrso.top/upaddress – not very convincing. I followed the link on a secure machine, (see the p.s. below), and I was taken to a web page with a form for me to complete, wanting the usual personal information. I did not see a box asking for payment information, but I also did not click on the update button. 

The other thing that was lacking on both the text, the link and the webpage was any mention of my order number – something I am sure a legitimate communication would have included, otherwise how could they join the information they required to my delivery? 

The delivery 

I had just about decided this was a scam and that it would be my next “Wednesday Bit” article on Smart Thinking, when there was a knock on the door. 

It was the delivery man with my Evri parcel. I didn’t mention the text and he was in hurry to leave, but that is not unusual. 

A scam question 

On reflection, I have a question. How did the scammers know I had a parcel from Evri due for delivery today, that would arrive about half an hour after I received a text saying that I had missed that delivery? 

Some helpful links about the Evri scam 

As part of the research for this article, I found a really useful page on the real Evri domain. 

Is this Evri Text/Email Genuine? | FAQs | Evri 

Your takeaway 

Team awareness. 

Make sure your team members are familiar with the types and styles of the most common phishing and social engineering attacks, then your organisation will have an invaluable extra defence to add to the technical defences you already have in place. 

Insert link to training 

Cyber Security Awareness Training – Why?

My kettle 

By the way, the kettle is excellent in both quality and value. 

Clive Catton MSc (Cyber Security) – by-line and other articles

p.s. You should not follow a scam or phishing link just to see what happens! 

Further Reading

Back-to-Basics – A Phishing Email Primer

Featured image clivecatton.co.uk