Information Security Advice

Information designed to help you stay safe

Information Security Advice

We pride ourselves on our website security and we would like to give you some tips to keep your personal details safe. Here are some simple steps that you can take to stay protected.

Important: X (formerly Twitter): We're aware of profiles impersonating Yodel on X. Our official X account is @YodelOnline. We will not contact you from any other profile, or ask you for payment, bank details, or other sensitive information.

Please note:

To keep you up to date with your parcel's journey, you will receive emails from donotreply@yodel.co.uk or noreply@yodel.co.uk to notify you when your parcel is on its way or has been delivered. 

SPAM/ PHISHING EMAILS AND TEXT MESSAGES

There have been reports of emails and text messages being sent to customers pretending to be from parcel delivery companies. The aim of these fake messages is to prompt the customer to click a link included in the text/email. This then displays a page that looks very similar to that of Yodel’s website but will ask you to share your phone number, date of birth, bank details etc.

Please note that Yodel will never send emails or text messages asking you to provide your bank details or phone number and we will never ask for a fee for redelivery of a parcel.

If you think you may have given away your details to a scammer, please contact your bank immediately.

If you receive a message from us asking you to provide either of these details, do not click the link and we advise that you delete the email or text.

There have been previous incidents reported that Yodel has been the subject of a Spam/Fake email campaign where customers receive an email with a subject line containing a user's name and " Your Purchase Order", " Your order Progress Update" or similar. These emails ask you to click a link to 'Download your shipping label'.

Such emails are very convincing as they contain your name and an address and/or post code although some users have reported that the address/post code is a few years old and do not contain a house/property number.

They are fraudulent, not from Yodel and some have the ability to install malware onto your device if links are clicked.

Other such emails purportedly sent from 'Yodel Accounts' or the email address  accounts@yodel.co.uk  contain the subjects such as;

  • Final Notice: Overdue Invoice

  • Notice: Overdue invoice (INV_)

  • RE: YODEL DELIVERY Bill Overdue

Please note that email originating from any of the domains below is not genuine and not from the Yodel Delivery Network;     

  • yodelsinternational.com

  • yodel-parcel.web.app

These emails have been reported to Action Fraud and steps have been taken to remove the websites used in the emails with the registrar although the number of websites is vast.

Emails that are suspected to be malicious should be marked as Spam/Junk and deleted immediately.

1. How to spot fake emails

Phishing fraudsters try to obtain your confidential or personal information by sending emails that look genuine but could ask you to submit details on an insecure site. Look out for:

Suspicious addresses - is it from someone who you would normally receive emails from? Also be aware that a fraudster can make an email seem as if it is from a known source.

Subject lines - with a sense of alarm e.g. 'Security Alert' or 'Your account will be suspended.' These people will try to illicit panic and urgency from you in a hope to make you act quickly without your normal cautious nature.

Requests for information - genuine companies never email asking you for User Names, Passwords, Date of Birth or Credit Card details.

Top Tip!  When viewing an email, you can hover over hyperlinks (or buttons) to see the underlying website address (URL.)

2. Protect your mobile, tablet and PC

Update your browser - newer versions have higher security and some will also warn you when a page you're visiting is not secure. Check out your browser's security features to see what they offer.

Software updates - ensure your operating system is up to date and use a reputable up to date security package. Run regular scans to keep your system free from Viruses and Malware. Set it to update automatically so you don’t have to remember to do it.

Use strong passwords or passphrases - create unique passwords/passphrases that can't easily be guessed. Avoid common words or people's names and remember to change your passwords regularly. Do not use the same password across multiple websites.

Top Tip! Make sure your passwords are at least 8 characters long, a mixture of upper and lower case letters and include some numbers and maybe a symbol too.

3. Always check:

A caller is who they say they are.

The phone line is disconnected after an unexpected call by calling someone else first from the same line or using a different phone. Always call back using a phone number you've got from a trusted website or your statement and never the one that called you originally.

A website is secure before you enter any account or card details. Look for the 'https' at the start of the web address and the padlock or unbroken key icon at the top of the page next to the address bar.

4. Data Compromises
If you have ever had data compromised with another organisation and you use the same password with us or on other sites you should change it.

5. What to do if you're not sure an email is from us
If you get an email that looks like it might not be from us, don't worry, just forward it to us at information.security@yodel.co.uk and we'll be more than happy to deal with it for you.

For more free expert advice on safe online shopping visit; 

https://www.ncsc.gov.uk/guidance/shopping-online-securely

https://takefive-stopfraud.org.uk/advice/

Ransomware

Your computer could be infected by ransomware when you inadvertently:

  • Open a malicious attachment in an email. Most Windows ransomware in recent months has been embedded in documents distributed as email attachments.

  • Click on a malicious link in an email, instant message, social networking site or other website.

  • Visit a corrupt website - often these are of a pornographic nature.

  • Open infected files from web-based digital file delivery companies (for example Hightail - formerly called YouSendIt, and Dropbox).

  • Open untrusted macros in application documents (word processing, spreadsheets etc).

  • Connect untrusted USB connected devices (eg memory sticks, external hard drives, MP3 players). A USB does not need your interaction to run malicious code.

  • Insert corrupt CDs/DVDs into your computer.

Avoiding Ransomware

  • Do not reply to, or click on links contained in, unsolicited or spam emails from companies or individuals you do not recognise.

  • Visit only websites you know to be reputable.

  • Ensure you have effective and updated antivirus/antispyware software and firewall running before you go online.

  • Regularly back up all your data, including to a USB-connected device stored remotely from your computer. This is because some ransomware can also infect your cloud-based storage.

If you have ransomware on your computer

  • To detect and remove ransomware and other malicious software that may be installed on your computer, run a full system scan with an appropriate, up-to-date, security solution.

  • If your computer has been locked by ransomware, seek professional advice from a trustworthy source such as https://www.nomoreransom.org/

For more advice, see the below link:

https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks

https://www.getsafeonline.org/protecting-your-computer/ransomware/