Eight arrested over Royal Mail ‘smishing’ scam

Police officers from the Dedicated Card and Payment Crime Unit (DCPCU) have arrested eight people in relation to a Royal Mail text phishing, or 'smishing', scam.

The eight arrested individuals are suspected of attempting to commit financial fraud and impersonating the Royal Mail by sending out fraudulent texts and emails which link to phishing websites.

The arrests come weeks after researchers from Check Point Software reported a 645% increase in Royal Mail-related phishing scams, with March being the biggest month for attacks on record.

The DCPCU, which is a specialist unit of the City of London and Metropolitan Police, conducted a series of early morning operations across London, Coventry, Birmingham and Colchester, resulting in eight male suspects being arrested. Seven have since been released under investigation, with one suspect charged and remanded into custody ahead of their court appearance.

The DCPCU, which is funded by the banking and cards industry, also managed to recover numerous customers' financial details, enabling these bank accounts to be protected.

Commenting on the arrests, DCI Gary Robinson, who leads the DCPCU, said that the "ongoing investigations are now underway" and that the unit and the Royal Mail "will continue to work together to bring those committing smishing scams to justice".

"The success of these operations shows how through our close collaboration with Royal Mail, the financial services sector, and mobile phone networks, we are cracking down on the criminals ruthlessly targeting the public," he added.

Meanwhile, Stephen Ritter, CTO at digital identity verification provider Mitek, called for organisations within the technology and finance sector to "step up to the challenge" in fighting scammers.

"All too often, industry experts are quick to blame consumers for "falling" for scams – but this blame game needs to stop," he said. "To fight misinformation, Twitter and Facebook started flagging posts that weren't backed up by fact, and the problem has improved significantly. Why can't we do the same for fraudulent activities on our phones?"

According to Ritter, digital service providers such as "messaging apps, mobile manufacturers, email providers, or mobile networks" should use artificial intelligence to warn users "when a suspicious link or message is shared".

"Often, you might not notice a dubious link, or the unknown number it's sent from – but your phone, messaging service, or network could. A simple flag ('This link could be fraudulent') would go a long way to protecting consumers. And all it takes is AI and machine learning algorithms that are trained to spot scams before they reach the consumer," he said.