Think your Christmas shopping is done? Think again. While you’re basking in the glory of Black Friday bargains, scammers are lurking in the shadows, ready to pounce with a cunning trick known as the ‘spray and pay’ parcel delivery fraud. And this is the part most people miss: it’s not just about stealing your money—it’s about stealing your peace of mind. But here’s where it gets controversial: could our growing reliance on online shopping be making us more vulnerable than ever? Let’s dive in.
You’ve scored some amazing deals in the lead-up to Black Friday, and your Christmas list is almost checked off. So, when a text pops up about a missed delivery, it feels perfectly normal. You click the link, pay the £2 redelivery fee, and move on. But here’s the twist: that parcel never existed, and you’ve just handed your bank details to a criminal gang. These scammers have been ‘spraying’ thousands of similar messages across the UK, preying on the post-shopping frenzy confusion.
Why does this matter? Because fraud is hitting record highs during the holiday season, and scammers are counting on your busy schedule to slip past your defenses. The government, mobile operators, and delivery companies are sounding the alarm, but the question remains: are we doing enough to protect ourselves?
Take Evri, a major UK courier, which reported a staggering 10,000 cases of delivery fraud between November 2024 and January 2025. Lee Howard, their head of information security, explains the ‘spray and pay’ tactic: by sending out thousands of messages daily, scammers increase their chances of catching someone who’s genuinely expecting a package. Bold claim: This method is so effective because it exploits our trust in delivery systems. But is it time to rethink how we handle these notifications?
Here’s how the scam works: You receive a text claiming your delivery failed, urging you to rebook via a link. The messages are crafted to create urgency, often saying, ‘Your package is waiting at the depot. Reschedule delivery here: [scam site].’ Notice something missing? Your name. Murray Mackenzie, Virgin Media O2’s fraud prevention director, points out that legitimate couriers always personalize messages. Controversial thought: Are we too quick to trust anonymous communications in our digital age?
If you fall for it and click the link, you’ll land on a fake courier site asking for a small fee—just £1 or £2. But the real goal isn’t the money; it’s your personal information. Mackenzie warns, ‘Fraudsters want to monetize your data, whether it’s payment details or login credentials.’ Even sharing your email and phone number can make you a target for future scams. Provocative question: How much of our personal data are we unknowingly giving away?
Guardian readers have shared chilling stories of scammers using stolen details to impersonate banks. Some gangs take small, unnoticed amounts over time, while others go for one big heist. The National Cyber Security Centre (NCSC) adds another layer of danger: scammers may trick you into downloading malware through these links, giving them direct access to your device. Food for thought: Are we underestimating the sophistication of these scams?
So, what can you do? First, pause before clicking. Mackenzie advises, ‘If you’re expecting five parcels but get 27 texts, 22 are likely scams.’ Know your couriers—DPD, Evri, Royal Mail—and only trust messages from them. Be wary of generic texts with no personal details or from random numbers. If you slip up and share your info, contact your bank immediately. Report suspicious texts to your messaging app or forward them to 7726 to help stop the spread.
Final thought-provoking question: As online shopping becomes the norm, are we becoming too complacent? Share your thoughts in the comments—do you think we’re doing enough to stay safe, or is it time for a digital detox?
