Security Advice

Here you will find important information about safety on the Internet.


  • Never respond to suspicious email from senders you don't know.
  • Never open attachments or follow up links to dubious emails.
  • Ignore malicious payment requests that appear in emails or on websites.
  • Never install software updates or programs from unknown websites.
  • Send us details of such events.

1. Common Sources of Risk

Emails with Forged Shipment Notices or Demands for Payment

Be sceptical when you receive shipment confirmations or other emails from companies you have not ordered anything from. Hermes does not send emails with additional claims. When these emails contain attachments or links, delete the email straight away. Under no circumstances should you open the attachment or links. These can contain malware that self-installs on your computer or smartphone. Hermes does not send such emails, nor are such sent on Hermes' behalf.

You can find more information on this in the section "Phishing emails".

Fake SMS

Similar to postcards or emails, SMS senders or messages can also be faked and misused for spam or phishing. SMS sent by Hermes do not contain any links and the SMS always contains your consignment ID.

If you receive SMS messages regarding your parcels that deviate from this pattern, they were not sent by Hermes. Please ignore them, do not open any links to suspicious websites and do not enter any personal data there.

Phishing Emails

So-called "phishing" - derived from "password fishing" - is used to get a hold of confidential user data and passwords by sending out fake e-mails. These e-mails not just ask users to provide or update personal and confidential information but sometimes also offer links to fake websites of reputable companies and credit institutions to acquire the personal data when the the user tries to login. No reputable company will ever use e-mails to request passwords, credit card numbers or other data from you or ask you to update your customer data.

Please enter the Internet address manually each time and do not use any links from e-mails you receive. This could be an attempt at fraud. In your Hermes account we offer you a secure way to - if necessary- update your customer data yourself (e.g. address, email address, password etc.).

Hermes will never ask you (e.g. by email or by telephone or by SMS) to enter or transmit sensitive customer information for verification via the internet. The payment of our service will be in cash and on the spot at the parcel shop or by Paypal via our website directly during the creation of a parcel label. If you receive a payment request by e-mail or by SMS, please ignore this and delete it. At Hermes the entire shipping costs must be paid in one amount. Therefore, no additional costs may be necessary for the recipient and will not be requested by us. These cases are phishing attempts. E-mails that demand a change of password or threaten to block your account may also be phishing attempts. Please do not enter any data in such cases.

Fake Websites and Other Harmful Programs (Malware)

There are some websites on the Internet that appear as if they are operated by one of the Hermes companies but are actually operated by thrid parties unknown to Hermes. These rogue sites try to trick unsuspecting users into installing harmful programs such as spyware, trojans, computer viruses or other harmful software.

Hermes is not at all responsible for these sites. Hermes would never ask you (either by email, or on its website) to update your browser or operating system for security reasons, nor would Hermes ask you to install additional software. To be able to get the most of the functions available on Hermes sites you simply require a recent version of your browser and a program that enables PDF documents to be displayed.

2. For your security - Encrypted Transmission

Data transmitted between your browser and the website is safeguarded through the use of TLS (Transport Layer Security). All the data you enter is encrypted.

3. General Security Rules for You

  • Please only enter access data for the myhermes portal on the website. Please do not use any websites that supposedly offer you easier shipping options or similar and ask you for your contact details. These are very likely to be fraudulent websites.
  • Do not save any passwords unencrypted on your computer. This could make it easy for hackers to access your data. If you can't make a mental note of your passwords, use software that will store the information in encrypted form.
  • Use passwords with a least eight characters. Ideally you should be using upper and lower case letters, numbers and special characters. A simple way to generate a secure password which is often easy to remember is to use the initial letters of the words in a sentence. Alternatively, you can use a whole sentence. The more characters your password has, the more secure it will be.
  • Install a virus scanner on your computer and make sure it is always up to date.
  • Ensure that your operating system and your programs are always the latest and the most secure versions. Install the security updates recommended by the manufacturer.Make regular backups.
  • Only install software from trustworthy sources.
  • Wherever possible, only use your own computer to enter access data to websites. When it comes to public systems (such as Internet cafés and libraries) you never know what malware is installed that can read confidential information.
  • Be sceptical when using foreign or public wifi. Use VPN if possible.
  • If you suspect that access details have been compromised by third parties, change your password immediately. Wherever possible, you should use different passwords for different websites.

For more information, check your local information security office.