is the £1.99 Royal Mail redelivery fee real

No. Royal Mail does not charge a £1.99 (or any similar small fee) to redeliver a missed parcel through an SMS link. Standard letters and parcels carry no extra redelivery charge in the UK. A "small fee" demanded through an SMS link is a tell-tale sign of a scam. Forward the text to 7726 and delete it.

how do I report a fake delivery text in the UK

Forward the message to 7726 (works on every UK network, free). You can also report it directly to the courier, Royal Mail accepts reports through their scam-reporting page, Evri at phishing@evri.com and DPD through the DPD UK security page. Action Fraud takes reports at actionfraud.police.uk or 0300 123 2040.

I clicked the link in a fake Evri or Royal Mail text, what should I do

Do not enter any further information. If you entered card details, call your bank on the number on the back of your card to block the card and watch for fraud. If you downloaded an app, the NCSC recommends not logging into banking apps from that device until you have cleaned it, ideally a factory reset followed by restoring from a backup taken before you downloaded the app. Report the incident to Action Fraud for the record.

why am I getting so many missed delivery scam texts

You are not specifically targeted. Scammers send texts in waves to ranges of UK mobile numbers, often timed to peak shopping periods like Black Friday and Christmas. Three UK alone blocked 32 million fraudulent texts in 2024, and reported a 500 per cent increase in SMS scams over Christmas of that year. Your number does not need to have been "leaked".

can the courier just leave my parcel without contacting me

For most consumer deliveries in the UK, yes, if you have given a safe place or a neighbour. Real missed-delivery cards are dropped through the letterbox or stuck to the door, and the carrier's tracking website always reflects the same status as the card. If only an SMS exists and the tracking website does not match, the SMS is almost certainly fake.

May 23, 2026

Last updated on May 23, 2026

The missed delivery SMS scam in the UK: Royal Mail, Evri, DPD and DHL impersonation

⚠️ Mobile scams

On this page (7 sections)

What the fake messages look like
What the scammers actually want
Six red flags to spot it
What to do if you have received one
What real couriers will never do
If you already clicked or shared details
Sources and methodology

32 million

Fraudulent SMS messages blocked by Three UK alone in 2024, a 4x increase on the previous year

Source: Three Media Centre, Black Friday warning 2024

£242,000+

Total reported losses from fake DPD SMS messages between June and December 2024

Source: Action Fraud (cited by Three Media Centre)

500%

Increase in SMS-based scams reported across the UK over the Christmas 2024 period

Source: Three Media Centre

7726

Free UK shortcode to forward suspicious SMS messages to your mobile operator (spells "SPAM" on the keypad)

Source: Ofcom

0300 123 2040

Action Fraud phone number for reporting scams in England, Wales and Northern Ireland

Source: Action Fraud (City of London Police)

If a text says a courier missed your delivery and asks for a small fee or “address verification” through a link, treat it as a scam by default. Real UK couriers do not charge small fees through SMS links to attempt redelivery. Since 2024 these fake delivery texts have become one of the most common smishing patterns in the UK, with millions of attempts blocked every month and millions of pounds lost when they get through. This guide is part of our mobile scams series and explains what the messages look like, what the people behind them actually want, and exactly what to do.

What the fake messages look like

There are four flavours, one per major courier, all built on the same template: a parcel that “could not be delivered”, a problem that requires you to act now, and a link. The samples below are real patterns reported across UK consumer publications, anonymised with placeholder URLs so nobody can click them by accident.

Royal Mail:

“Royal Mail: Your parcel could not be delivered due to an unpaid shipping fee of £1.99. Please settle this here: rm-redelivery.[fake]”
“Royal Mail: Your package has arrived at the sorting office. The detailed address is missing, please submit it through the link below. Otherwise the package will be returned to sender within 48 hours: royalmail-verify.[fake]”

Evri:

“Evri: Your parcel could not be delivered today. Please reschedule delivery here: evri-reschedule.[fake]”
“Our driver made a delivery attempt today but received no response. Visit [link] in order to track and reschedule package.”

DPD and DHL:

“DPD: We attempted to deliver your parcel today. An additional fee of £2.99 is payable if you want the parcel to be delivered. Pay here: dpd-payment.[fake]”
“DHL: A customs duty of £2.50 is required to release your parcel. Settle here: dhl-customs.[fake]”

And the generic, carrier-agnostic version:

“A parcel is waiting for delivery. Please confirm the settlement of £2.50 via the link below. Otherwise the package will be returned within 48 hours.”

The common shapes are unmistakable once you have seen a few: an urgent deadline, a small monetary bait of £1.99 to £2.99, and a link that does not match the carrier’s real domain.

What the scammers actually want

There are three goals, sometimes combined.

The first is a small card payment to “unlock redelivery”. The fee is set deliberately low (£1.99 to £2.99) because most people will not contest a payment that small if they later forget. Once your card details are on the fake page, they can be reused for further unauthorised transactions or sold on.

The second is your full bank login. Some variants go further and ask for online banking credentials, supposedly to “verify identity”. With those, the scammer can drain the account directly or take it over by changing the contact details.

The third, and the one the National Cyber Security Centre highlights specifically, is to get you to install a malicious app disguised as the carrier’s tracking tool. The NCSC’s own guidance on these scams says:

“Cyber criminals are tricking UK citizens into downloading malicious software (malware) by sending scam ‘missed parcel’ SMS messages. The ‘app’ is in fact a type of malware.”

Once installed, that app reads your texts (including the verification codes for banking apps), your contacts (so it can send the same scam to your friends) and your stored credentials. It is the most damaging outcome of any delivery scam.

Six red flags to spot it

The URL is not the carrier’s real domain. Royal Mail real links end in royalmail.com or royalmail.co.uk. Evri uses evri.com. DPD uses dpd.co.uk. Anything with extra words, hyphens or unusual top-level domains (royalmail-redelivery.co, evri-reschedule.[xx], dpd-pay.xyz) is fake.
A small fee is demanded before you can track anything. Real carriers let you track for free. If the message asks for £1.99 before letting you see the parcel status, it is a scam.
An artificial 48 hour deadline. Real missed-delivery cards give you 7 to 18 days to arrange collection or redelivery. “Package will be returned within 48 hours” is pressure-cooker text designed to bypass your judgement.
A request to install an app via SMS link. No UK courier distributes its tracking app through SMS links. They direct you to the App Store, Google Play or Galaxy Store by name. An “install” link inside an SMS is malware.
Awkward grammar or branding. Mixed capitalisation, missing apostrophes, an inconsistent tone or the carrier’s name in lowercase (“royal mail” instead of “Royal Mail”) are common tells.
The carrier’s own tracking page does not match. Open the carrier’s website yourself (not via the link in the SMS), enter the tracking number from the SMS or your order confirmation, and see whether the carrier’s site actually shows a missed delivery. If it does not, the SMS is fake.

What to do if you have received one

Three actions, in this order.

Do not click the link. Even loading the page can be enough for a sophisticated operation to fingerprint your device or push a download. If you have already opened the page, close it without entering anything.

Forward the text to 7726. This is the free UK shortcode supported by every operator, recommended by Ofcom and the NCSC. It sends the message and the sender’s number to your network for investigation and blocking. Over 27,000 scam URLs have been taken down via 7726 reports since 2020.

Report the scam. Action Fraud at actionfraud.police.uk or by phone on 0300 123 2040. You can also report directly to the courier, Royal Mail’s own scam reporting page covers their brand, Evri accepts reports at [email protected], and DPD has a security contact form on its phishing page. The same official channels are used in our coverage of fake Vodafone billing texts and the HMRC tax refund SMS scam, the patterns are identical, the targets just change.

What real couriers will never do

The official anti-fraud pages of Royal Mail, Evri and DPD all converge on the same short list. None of these carriers will:

Ask for a payment by SMS link to attempt redelivery.
Ask for your full bank card details by SMS or phone.
Ask you to install an “official” app through a link in an SMS.
Threaten to return the parcel within 48 hours of a single delivery attempt.

If a text claiming to be from a carrier asks for any of these, it is a scam, regardless of how convincing the branding looks.

If you already clicked or shared details

The window to limit damage is short, act now.

If you entered card details: call your bank on the number printed on the back of your card (not on any number the SMS or the fake page gave you). Ask them to block the card and watch the account. UK banks generally issue a new card the same day. If money has already moved out of the account, you may be entitled to reimbursement under the Payment Systems Regulator’s mandatory APP fraud scheme, which covers most authorised push payment fraud up to £85,000.

If you entered your bank login: change the password from a device you trust (a laptop, not the phone the SMS arrived on), enable two-factor authentication if you have not already, and ring the bank’s fraud team immediately on the card-back number.

If you downloaded the “tracking app”: the NCSC’s advice is unambiguous. Do not log into your banking apps from that device until it is clean. Run a reputable antivirus scan first; if there is any doubt, factory reset the phone and restore from a backup taken before the install. Change the passwords of your most important accounts (email and banking first) from a separate device.

Whatever happened, report the incident to Action Fraud afterwards. Reports are how the data is built that drives take-downs and policy changes. The bank impersonation call scam and the Hi Mum WhatsApp scam are tracked through the same channel.

Sources and methodology

Figures are taken from the National Cyber Security Centre’s guidance on missed-parcel SMS scams, Action Fraud reports cited by Three UK’s Media Centre, the official anti-fraud pages of Royal Mail, Evri and DPD, and Ofcom’s 7726 guidance. Sample messages are reproduced anonymised, with all live malicious URLs replaced by placeholders. No scammer phone numbers are published, caller ID spoofing means those numbers almost always belong to innocent third parties. This article was last reviewed on the date shown at the top and will be updated when new variants appear.

Cyber criminals are tricking UK citizens into downloading malicious software (malware) by sending scam "missed parcel" SMS messages. The "app" is in fact a type of malware.
, National Cyber Security Centre, scam missed parcel SMS guidance

Frequently asked questions

is the £1.99 Royal Mail redelivery fee real: No. Royal Mail does not charge a £1.99 (or any similar small fee) to redeliver a missed parcel through an SMS link. Standard letters and parcels carry no extra redelivery charge in the UK. A "small fee" demanded through an SMS link is a tell-tale sign of a scam. Forward the text to 7726 and delete it.
how do I report a fake delivery text in the UK: Forward the message to 7726 (works on every UK network, free). You can also report it directly to the courier, Royal Mail accepts reports through their scam-reporting page, Evri at [email protected] and DPD through the DPD UK security page. Action Fraud takes reports at actionfraud.police.uk or 0300 123 2040.
I clicked the link in a fake Evri or Royal Mail text, what should I do: Do not enter any further information. If you entered card details, call your bank on the number on the back of your card to block the card and watch for fraud. If you downloaded an app, the NCSC recommends not logging into banking apps from that device until you have cleaned it, ideally a factory reset followed by restoring from a backup taken before you downloaded the app. Report the incident to Action Fraud for the record.
why am I getting so many missed delivery scam texts: You are not specifically targeted. Scammers send texts in waves to ranges of UK mobile numbers, often timed to peak shopping periods like Black Friday and Christmas. Three UK alone blocked 32 million fraudulent texts in 2024, and reported a 500 per cent increase in SMS scams over Christmas of that year. Your number does not need to have been "leaked".
can the courier just leave my parcel without contacting me: For most consumer deliveries in the UK, yes, if you have given a safe place or a neighbour. Real missed-delivery cards are dropped through the letterbox or stuck to the door, and the carrier's tracking website always reflects the same status as the card. If only an SMS exists and the tracking website does not match, the SMS is almost certainly fake.