Fake My Hermes notification of delivery – “Order AW_369_0420_3C Confirmed” delivers malware — 18 Comments

  1. I received one of these emails today. I knew it was a scam, but what concerned me was that the email had my real postal address and mobile phone number in the email. Makes me wonder where they got the information from.

  2. Received one this morning too…

    The info within the email had my real name, home address all spelled correctly and mobile number, probably the most accurate Scam/Spam email I’ve seen to date.

    Email received from and there was no attachment, but the email looked genuine, saying it’ll be delivered to blah blah and Parcels may take up to 5 working days etc….

    Subject had my real full name then followed;
    Purchase Order – 8388.UXW.929.TLM Despatched

    As mentioned above no attachment but, said….

    You can track it by ‘following this tracking link’ in quotations was the URL and pointing to;

  3. I received one yesterday evening, perhaps coincidentally shortly after placing an order that claimed to offer despatch that evening. It included my correct name, address and telephone number and the tracking hyperlink pointed here:


  4. I received one of these last night, with all my correct address details, and it looks like the one in your picture. I’ve just been dealing with myhermes the day before so really thought it was genuine (and it was very late), so I clicked on the ‘tracking link’. It took me to a page that didn’t seem to load properly and looked odd; that’s when I realised. Am I at risk? Have I got malware now? I was using an Android mobile when I clicked on it. I’ve run virus checks (free ones) and nothing shows, bit concerned.

  5. Got one of these today. Same deal as above, got my name and address correct.

    Link pointed to: hxxps://

  6. Was expecting a parcel and stupidly clicked on the link, then looked at the email address and it was spam. It downloaded a zip file which I immediately deleted. Ran Malwarebytes and nothing found. The link which when clicked downloaded a zip file came from a
    So stupid, in all my years I’ve never clicked on anything, was half asleep!
    Any idea what happens just by clicking on the link?

  7. I received one of these phishing emails last Wednesday 11.00pm (04/04/18) and as stated it contained my details, all present and correct, as well as the link to a zip file. Already reported it to Action Fraud police.

    I also had placed a random order with a company on Tuesday and their courier was Hermes (Hermes sent me a real tracking link before I received the fake one). I was thinking that this was just a coincidence (like others) but reading the comments below, I now don’t think so, given it’s happened to 3 others that had real dealings with Hermes. Does Hermes have some sort of breach perhaps?

  8. I received one of these in my spam folder on April 5th, ostensibly from

    I didn’t open it until April 13th, during a routine sweep of my junk folder, and was immediately suspicious because it referred to a supposed order in my wife’s name but to my email address, which we never do — her orders are done via her email address and mine by mine, with never any crossover. Needless to say I didn’t click on the supposed MyHermes tracking link, even though we were awaiting several orders from ebay.

    BUT WHAT IS MORE WORRYING — not only did the email message show our correct postal address and landline number but, AND THIS IS HIGHLY SUSPECT, immediately after our phone number, without even a space between, was a string of 10 alpha characters which exactly matches the first 10 characters of my Windows 7 Screensaver log-in password on this PC, even down to the correct upper and lower case — a string that I never use in any action other than logging in to the timed passworded screensaver and which could never be a coincidence.

    This immediately makes me suspect a keylogger is installed on my PC — have done some preliminary searches but nothing yet found.

    I will pass this onto the police actionfraud link but others should watch out for this development.
    This is not your average random generalised phishing scam but appears to be accessing individual data from the target’s own computer!

    • If you think you have a keylogger or other malware on your computer then you can seek help on
      I can’t really think that if you already have a keylogger & info stealer on the computer, they will go to the bother of using that information to send you specially created emails to download yet another keylogger & banking trojan. They already have total access and can install anything they like or steal whatever they want already.

  9. I’ve had two of these to different email addresses, with the correct shipping details contained inside.

    I agree that this must be a breach of shipping data saved by Hermes, or sent from within Hermes themselves using their data.

    There’s no other way the information would be as it was.
