Get one on the 'Royal Mail' & 'HRMC' style Text-Message/SMS 'You have a bill/fine' scammers.

Let's snip these bastards in the nuts.

TLDR: As seemingly everyone, recently i've been getting lots of text messages about having some kind of bill to pay. Let's take their sites down. .

Listen to this article

Get one on the ‘Royal Mail’ & ‘HRMC’ style Text-Message/SMS ‘You have a bill/fine’ scammers.

Here I’ll show you an easy way to actually harm these spammers, along with saying a few tricks as to how they set up things. You might want to skip the to juicy part

I’ve written this the long winded way, but that’s just for those who aren’t really knowledable about the web. It’s really quite simple….

TLDR in 4 Steps

  • Find domain name
  • Look up the WhoIs information on it.
  • Report to the register/host; they’ll have some kind of Abuse contact.
  • Send them your details.

What does a Link look like, and what parts do we need?

First up, this is a sample of one of the text messages. You can tell they’re fake, because they don’t use any registered domain names. To help you spot them (and to be frank, they’re all one, but this is just an example). a domain name is made up of the following.

https://[subdomain]. [domain]. [tld]/ [something]
  • http or https
  • The subdomain is normally the thing that they’re trying to emulute/spoof, such as Royal Mail, HMRC, FedEx, Police etc. You can have a few of these
  • The domain is normally something official sounding, but ultimately fake, such as “DeliveryService”, “BillingDepartment”.
  • The TLD part is something that you’d usually see such as ‘.co.uk’, ‘.com’, ‘.net’ etc. They’re pre-set as per what an organisation called ICAAN sets up, but they’re literally 1000s of these. A few of these are restricted such as nhs.uk & .gov.uk.
  • The Something part doesn’t have to be there, if it has what looks like giberish or a unique code. DO. NOT. CLICK. This’ll let them track your text message to their website & database, so if they know you’ve clicked, then they’ll spam you more & more – plus sale your phone number to other companies.

Some example links a spammer could use.


https://HMRC.billing-dept..me
https://police.pay-here..net
http://FedEX.custums-dept..co.uk
https://ukgov.paymentline..site/HA123
http://PayNowHere..net
https://RSPCC.NotAScamDonations..love

Ok, we’ve got a link, let’s get the important bit, and find out who’s hosting these f**kers.

Now you need to get the Domain and the TLD part, and make a note of it. Write it down if you like.

Then go into google, and google whois TLD. Click on the first NOT sponsored link, and you’ll be taken to a web page that has a search bar, to ‘look up’ the ‘who is’.

You’ll be given a whole bunch of goobldigook, but in the information, try and find the Contact Details. The people who own the site will probably be hidden, but you’ll find out who the host are.

You can also report it to the UK POlice’s ActionFraud department, who’ll also deal with the situation.

So what will this do?

It’s very easy for these spammers to set up numbers and spoof them, and if they’re doing it to your number, then I really don’t know what i’d do if they did it to me – possibly change my number. But they use seemingly ‘normal’ mobile numbers, which are setup via computers & not monitored – there is no point in really texting them back. And there is no way of really reporting these numbers in any offical capacity.

But setting up a website is much harder, especially with hosting, and hay, at least it’s something. All in all, this shouldn’t take more than 5 minutes, so spend some of that pent up frustration, safe in the knowledge that at least you did something =)


I’ve written this the long winded way, but that’s just for those who aren’t really knowledable about the web. It’s really quite simple….

TLDR in 4 Steps

  • Find domain name
  • Look up the WhoIs information on it.
  • Report to the register/host; they’ll have some kind of Abuse contact.
  • Send them your details.

Leave a Reply

Your email address will not be published. Required fields are marked *

Listen to this article