Cyber Security

I’ve recently received a verification email from Hermes but didn’t register for an account

We have recently been subject to an attempt by hackers to register for MyHermes.co.uk accounts using email addresses that were obtained from unauthorised sources outside Hermes company. 

Our robust security protocols quickly detected this and our safeguard email verification process meant that this has been prevented.

None of our personal data has been breached  and our business continues as normal.

If you have not registered for a Hermes user account but have received an email with the subject “Hermes – Verify yourself”, please delete that email or ignore it and take no further action. If you have already clicked through to verify your account in error,  please don't worry as we will manage these details for you.

How to avoid phishing scams

We're committed to protecting the privacy and security of our customers and website visitors. Staying safe online can be tricky, which is why we've created this handy guide to help you.

What is phishing/smishing (SMS phishing)?

Phishing is where cybercriminals ‘fish’ for personal data by sending you emails (or social media messages, SMS texts etc) that look like they’re from a legitimate sender or business.  These cybercriminals will attempt to steal your personal data by:

  • Sending you emails that look like they’re from a legitimate sender
  • Asking you to download files or software
  • Asking you for personal details such as usernames and passwords

 

Their aim is often to get you to reveal private information like your usernames, passwords and other secure information, such as your parcel, bank or financial details.

Cybercriminals often send emails or SMS messages urging you to act immediately by giving up your private information – and it can be convincing, as they’ll often use similar or the same language and images as the companies they’re impersonating.

They might do this by suggesting there is an issue with your:

  • Item(s) e.g. redelivery
  • Delivery address
  • Payment information

 

When you enter your details, fraudsters can use this to access more of your information. 

Alternatively, phishing emails may encourage you to download software or install a file. This file can infect your computer with a virus or program and put your files and data at risk.

What can you do against phishing/smishing?

To stop a phishing / smishing scam, make sure you check the email address to ensure messages are valid and have come from who they say. 

A phishing email may use similar details to the recognised Hermes addresses, but you may notice spelling errors or slightly different formatting. Our emails will typically come from: 

  • @hermes-europe.co.uk 
  • @myhermes.co.uk

 

Before you click on any links, hover over the button or URL to check it goes where it's supposed to. If it brings up an unrecognised address, it could be a scam. 

To help protect yourself online, use your usual search engine to find information from cyberaware.gov.uk and getsafeonline.org.

How can I identify a phishing/smishing email or SMS?

Common features of phishing emails include:

  • Poor language – look out for poorly written sentences with spelling and grammatical errors
  • Lack of a personal greeting – you might be addressed as 'Dear Customer', 'Dear Sir/Madam', or ‘Dear [your email address]’ instead of using your name as you gave it to us on your account
  • A vague email address – the email address will often be different from the service you are using
  • Link or button – links or buttons in emails that urge you to click on them

Will Hermes contact me for my bank details?

We will never contact you by phone or email to request payment. We may contact customers by phone or email and ask for bank details to make a goodwill payment or to discuss a claim.

How to report a phishing attempt

If you’ve received a suspicious phone call, text message, interaction via social media or email, you can:

 

  1. Emails can be forwarded to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk
  2. SMS Smishing text messages can be reported to your network service provider by forwarding the scam SMS to 7726
  3. Visit the ActionFraud website actionfraud.police.uk/report-phishing
  4. If you have provided your bank details, we recommend that you contact your bank and advise them you were a potential victim of fraud

How to get support

If you've experienced cybercrime, you can contact the charity Victim Support for free, who are available for confidential support and information: victimsupport.org.uk

Spot the signs and stay safe

We're committed to protecting our customers' privacy and security – but we can’t defend you from scams that target you directly.

Following our basic guidance will help you stay one step ahead of the fraudsters.

If in doubt, visit cyberaware.gov.uk and getsafeonline.org.