Package Redirection Fraud via Postal Mail
How fraudsters redirect in-transit parcels to their own addresses by exploiting delivery update systems, customer service channels, or compromised account access.
Part of: Package Redirection Fraud
Last reviewed: 8 June 2026
Package redirection fraud exploits the flexibility that modern courier and postal services offer customers to update delivery details for in-transit parcels. This convenience feature — allowing recipients to change delivery addresses or redirect to a neighbour — is abused by fraudsters who use it to divert parcels to addresses they control, stealing the contents while the original sender or purchaser waits for a delivery that will never arrive.
The attack surface is broad: fraudsters may redirect parcels from phishing victims whose courier accounts have been compromised, from intercepted delivery notification emails, or by contacting customer service lines with stolen personal details to authenticate themselves as the intended recipient.
High-value consumer goods ordered online are the most common target, as they are routinely shipped by carriers and the diversion window between dispatch and expected delivery gives fraudsters time to act.
How this scam works on postal mail
A parcel is dispatched by an online retailer to the purchaser's address. The fraudster — having obtained tracking information through an intercepted confirmation email, a phished account, or a data breach — contacts the carrier's customer service or uses the carrier's online portal to redirect the parcel to a different address before delivery.
Alternatively, the fraudster intercepts the delivery notification SMS or email sent to the recipient and uses any included management link to update the delivery address. The parcel is delivered to the new address, collected, and the goods are retained or resold.
The original purchaser reports non-delivery to the retailer and carrier. Resolution typically requires a fraud investigation that takes days or weeks, during which the victim is without the goods and any refund.
Common red flags
- Delivery tracking shows parcel delivered but you did not receive it and your address is listed as confirmed
- You receive a delivery notification email or SMS you did not expect, suggesting someone has accessed your tracking
- Courier account shows a delivery address change you did not make
- Online retail account shows an address update or order modification you did not authorise
How to protect yourself
- Enable two-factor authentication on all courier account and retail accounts to prevent unauthorised logins
- Never click delivery management links in emails you were not expecting — access your courier account directly
- Monitor order tracking actively for unexpected status changes on in-flight deliveries
- Contact the retailer and carrier immediately if a parcel is marked delivered but not received
- Use carrier collections from a secure location for high-value orders where possible
How to report it
- Report to the carrier's fraud team and the retailer immediately on discovering misdirected delivery
- File a report with IC3 at ic3.gov if the loss was significant
- Report to the FTC at reportfraud.ftc.gov if account compromise was involved
Frequently asked questions
Who is responsible for a redirected parcel I did not receive?
Responsibility depends on the circumstances. Retailers and carriers have fraud investigation procedures for misdirected parcels. Document everything and file reports with both parties immediately — resolution is more likely when reported promptly.