Strange goings on with Royal Mail
Hi all
I have a truly weird one, over the last few days I have received a number of packages mostly medication and one really weird box of rusty screws!!! all with the same tracking number. Not sure if this could be due to the major clitch the other day or something weird is actually going on! I thought i would share with you lovely lot to see if anyone else is receiving stuff that isnt theirs. The label has our business name and address, not details on the packaging no return address or invoices very very strange!
0 replies
Seller_b5LDA3tnfaBEG
Just opened another box to find used glucose pens and a bag of used AA batteries???
Seller_oYl0UE5Ve5HSf
They could be returns for actual orders from yourself. But of course they are not returning the correct item, but something random that has a weight to match the original product.
Basically return scam/fraud.
Seller_IotgWgSZV4UrT
Could it be related to the data breach, when users were shown other users’ accounts?
If that was happening it sounds possible that addresses could have got mixed up.
Seller_b5LDA3tnfaBEG
I have been doing some investigations the label in question is a return label funny enough and one of ours, we do not issue these very often. So I have checked the labels I have sent to customers and none of them match. I have informed my Royal Mail account manager and hopefully they can shed some light. I investigated as my initial thought was a scam, we have been caught out before there are words for these type of customers but not here in a public forum! lol. But not usually as bad this one, and why so many parcels? I had to inform Royal Mail as we will probably be stung for it!
Seller_0wTxwqWmX6wBE
TBO it looks like someone is doing that deliberately, possibly a grumpy customer from the past?
Seller_DROodOAYHftnc
Definitely multiple problems with RM - eight threads with RM in title in the last 4 hrs !
Seller_FUpKdVjq6vkVs
We have had this at times previously and generally it is because a customer has created a return manually on the Royal Mail website. for example the # is four numbers which relates to your account http://www.royalmail.com/track-my-return/create/#### some companies when they send items give this information in the packing slip for returns and it probably is that the customer has not used a link and manually entered the wrong number on the site. You will probably of been charged for the returns so will need to contact Royal mail for a credit. We have had a blazer and school uniform turn up!
Seller_b5LDA3tnfaBEG
Thanks all for sharing your experiences. It is still all quite odd still, no more parcels turned up today thank god. But I might return the box of used rusty screws as not described and a 1 star for not having instructions LOL.
I am still waiting for a response from Royal Mail… roll my eyes!!
Happy Friday 
Seller_StUq1Kke2yC4l
So the chances are you have either need targeted or just unfortunate!
About 6/7 years ago when Royal Mail introduced the “Tracked Returns” system, I wrote them a detailed report on how the system could be abused and exploited and they totally ignored it! (or they made changes in the background and never even said thank you for the info!)
First thing you need to do is contact the Royal Mail business centre to confirm if you have tracked returns active on your account. If you do not, then you can ignore the rest of this message as you have not been a victim of this problem/exploit.
However if you do have it on, ask them to disable it or remove it from your account. Give them one of the tracking numbers and they will be able to confirm if it is a tracked return number or not. Note: The person on the end of the phone will probably not be able to do that for you, so they will need to raise a case to investigate, which we all know how long Royal Mail take to do that!!
In short the exploit can be operated in 2 ways:
- To purposely create financial damage to a business and business disruption:
This is done by someone either searching for your business in the Royal Mail Tracked Returns portal or using your XXXXX code to get your tracked returns account/form up. Then generating a single or multiple returns labels and sending junk! You are automatically billed for each label and subsequent surcharges when labels are duplicated and reused multiple times. Obviously with this method is it more easily detected as volumes generally exceed standard usage and stand out like a sore thumb!
- Using Tracked Returns to send items to other people!
This one is a little more devious. This is where they use the tracked returns system to create a valid label/tracking number and then change the address and regional codes on the printed label once the label has been generated. I remember my account manager at the time telling me it was impossible, so I went ahead and did it, then 4 days later he received a package from me using my tracked returns account! The parcel did get misdirected and was delayed, probably something to do with the auto reading of the QR code! but did get there.
With those two things in mind, your asking yourself why would you receive multiple parcels! The items inside are irrelevant , and they have minimum value but are there so that if a parcel is opened by Royal Mail to investigate, it tries to look like just generic product being sent! Like I said in the beginning you may have just been unlucky, ie someone used a random number which just happened to be your account. The probability is that someone has just thought about “Oh Royal Mail Free Tracked Returns, How can I exploit this?” . So they picked a random account, printed a couple of labels, duplicated a couple of labels and in the background are now checking if the parcels got delivered. Additionally what you would not see would be testing editing the label and sending to another address and seeing it they are delivered.
What does the hacker or scammer gain from this? Well once they find out it works, then they send orders to their customers with “Free Tracked 48” delivery. Now if they are smart, they will generally pick a very large companies (or multiple) tracked returns account to do this, so that it is easier to disguise it as volumes will go unnoticed.
(That is just a synopsis of a 14 page report I did for Royal Mail and if they have not bothered to fix it by now then its their problem, which is why I don’t mind detailing it)
Basically all sellers that have Tracked on their account should check if they have tracked returns and disable it if they dont use it! Save yourself a potential headache and it is easy to turn back on if you get big enough and want to use it.
