It seems like a Hermes scam email is doing the rounds and putting buyers at risk. You can read the full report from MyOnlineSecurity here . But as they say on the blog:
They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers, although this one does seem more consumer targeted from the email.
My Hermes or any other delivery company mentioned in these emails have not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails
Hermes have commented on the reported scam and they give good advice:
We are aware of fake phishing emails which claim to be from myHermes with information about parcel tracking details. They appear to be designed to trick users into clicking on a link which then downloads malware onto their computer.
We have received a very small number of inquiries regarding this and our security team continues to investigate the issue. We take matters of security extremely seriously and will continue to monitor the situation and are also reporting this to Action Fraud. We would urge the public to take a few minutes to read our advice on how to protect themselves from scammers.
– Hermes spokesperson
Fraudsters of this ilk opt for a scatter gun approach. So many people take deliveries from Hermes and other big delivery firms so they take the view that a few people will fall for these scams and they can garner valuable personal details. Get tooled up with the info and you’ll be fine. And help your buyers too.