How to avoid phishing scams
We're committed to protecting the privacy and security of our customers and website visitors. Staying safe online can be tricky, which is why we've created this handy guide to help you.
What are phishing, smishing and vishing?
Phishing is where cybercriminals ‘fish’ for personal data by sending you emails (or social media messages) that look like they’re from us (or another legitimate sender or business). They often ask you to click a link, download or open files or software, or confirm personal information.
Similarly, smishing (or SMS-phishing) is a text message with a link that looks legitimate, often pretending it’s there to help you - such as to arrange a re-delivery, confirm the delivery address or check a problem with your account.
It can even be a direct phone call pretending to be someone they’re not – this is vishing or voice-phishing.
The aim of all of these is to get you to reveal private information like your usernames, passwords and other secure information, such as your parcel details, address, bank or financial details. This information can then be used to steal from you or be used against you.
These tactics can be very convincing and can even use genuine-looking branding and messaging. They often urge you to act fast as they don’t want you to have time to think about whether you should be doing what they’ve asked.
When you give fraudsters your details, they can use this to access more of your information. If you download any attachments, these can be used to infect your computer putting your files and data at risk.
Spot the signs
These attacks will often be unusual in some way or unexpected (for example referring to a parcel delivery you weren’t expecting). Always check with your usual contact for that service that the email, text or call is genuine before giving them any information. And don’t use any contact details contained within the suspicious email, text or call. Phishing emails may include the below:
Look out for poorly written sentences with spelling and grammatical errors
They may use 'Dear Customer' or ‘Dear [your email address]’ instead of using the name you use on your account (though criminals are getting better at personalising messages)
They may include links or buttons in emails that urge you to click on them. Before you click on any links, hover over the button or URL to check it goes where it's supposed to. If it brings up an unrecognised address, it could be a scam
The email address will often be different from the usual email address you receive from that company, even just using a slight misspelling or different formatting.
What is invoice fraud?
Invoice fraud (also known as mandate fraud or payment diversion fraud) is when someone gets you to change financial details (like a Direct Debit, standing order or bank transfer mandate) in order to defraud you or your organisation and pay monies to someone else. It can happen at home as well as in business.
An invoice fraud attack can be done over the phone, by email or in writing. However genuine it sounds or looks, if you work for an organisation, ensure you follow the standard procedures for changing bank details before taking any action. If it’s at home, use your own information to contact and verify details with the genuine third party – particularly for online payments.
Please be aware, we will never contact you by phone, email or text to request payment. We may contact customers by email and ask for information in relation to an ongoing claim but this would never be unsolicited.
If you've experienced cybercrime, you can also contact the charity Victim Support for free, who are available for confidential support and information on https://www.victimsupport.org.uk/
To help protect yourself online, use your usual search engine to visit NCSC and Getsafeonline
How we protect our customers’ data
Customer data is important to us, that’s why we wanted to reassure you that we take your data security seriously.
Here are some of our activities you can depend on:
As we become aware of fake GOODS2U websites or social media profiles we work with our partners to get them taken down.
We conduct ongoing security testing against our systems that process customer data, in order to confirm your information remains secure.
We also secure customers’ own GOODS2U accounts by monitoring and blocking suspicious login attempts.
Internally we ensure only those GOODS2U colleagues who need access to your data have it and we provide guidance and training to them to ensure they know how to handle it appropriately and in line with GDPR requirements. We understand and have defined legal bases for all of our processing activities.
If you have questions about your own personal data held or processed by GOODS2U, you can find contact information here.
ENVIRONMENT, SOCIAL, AND GOVERNANCE
Why ESG matters
As responsible carriers, we recognize our impact on the environment and believe in doing the right thing for our people.
It’ll be a long journey but we’re firmly on the right road as we look to deliver a better future for the planet and people – our people, our customers and retail partners, and our wider communities.
We aim to be carbon neutral by 2030.