Woah! This was an authorised phishing simulation carried out by Royal Mail Group, your data is safe this time! You received this simulation because you have previously clicked on a phishing link or entered your personal details into a fake site.

You are our greatest defence against a cyber-attack and continued failure to detect and report suspicious emails, calls and texts could lead to serious consequences for yourself and Royal Mail Group.

Do your part and be cyber smart – please take the time to familiarise yourself the guidance below:

Phishing

​Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details and passwords. The information is then used to access important accounts and can result in identity theft and financial loss’. It’s a common form of social engineering

​Why is phishing so dangerous to RMG?

• ​We are a well known brand with a large customer base, making us an attractive target for hackers.
• The majority of cyber attacks and data breaches start with phishing. 
• 90% of data breaches come from human error, we are one of the biggest employers in the UK, increasing the likelihood of a data breach.​
• A data breach caused by a phishing attack could cause significant damage to RMG including regulatory fines, typically 2% of global turnover, in excess of £200m (based on previous turnover), financial loss and damage to our reputation resulting in loss of share price, loss of customers and loss of customer / employee trust..
• Cyber criminals are taking advantage of the pandemic by targeting users who are adapting to new digital ways of working. Emails can contain malicious links or software that restrict our ability to carry out business activities which leads to financial loss​​.

​​How to detect a phish​ing scam

1. You may recognise the sender, but the information being requested is out of the ordinary. Their account may have been compromised. If in doubt, call the person directly to verify
2. If on your work device, check with your colleagues if they have received a similar email / text
3. Check if the spelling, grammar, graphic design or image is poor quality. They may use odd 'spe11lings' or 'cApiTals' in the email subject to fool your spam filter
4. The mail / text / call asks you to enter your password, card details, PIN or personal information into a site you don't recognise and / or includes a suspicious link or attachment
5. It asks you to do something secretly or to ignore normal procedures
6. What they are offering sounds too good to be true (and that's because it probably is)​

How to report a phishing scam

On your RMG account or device:

• If you suspect a ‘phishing email’, forward the email to: spam.awareness@royalmail.com​ from any device, delete it from your inbox 
• If you suspect a malicious call / text, hang up politely / delete and don’t click
• Do not open any attachments, or click on the links, delete it from your mailbox or messages. If you want to verify the legitimacy, contact the sender directly (by phone) and seek confirmation, do not reply to the email or text message and hang up the phone if you receive a suspicious call
• If you are concerned you have been compromised, report, and reset your password as a precautionary step
• Report any potential or suspected security or data incidents immediately to the IT Helpdesk -  0345 608 2555

The tell signs of a phishing email

Gone phishing

As phishing is such an important​ risk that we need to manage, Think Secure runs a dedicated phishing simulation campaign across the year to help you stay cyber savvy and aware of the latest trends. Always be vigilant, be careful what you click on as the consequences could be serious for those who fall foul of the phish!​

If you’d like any advice and support, contact thinksecure@royalmail.com