Triangulation Fraud via Email
How phishing emails and fake order confirmations are used in triangulation fraud schemes where stolen card details fund legitimate purchases shipped to unknowing buyers.
Part of: Triangulation Fraud
Last reviewed: 9 June 2026
Triangulation fraud involves three parties: an unsuspecting buyer who places an order from what appears to be a genuine seller, the scammer who acts as a middleman, and a legitimate retailer from whom the scammer purchases the goods using stolen card details. Email is central to this scheme as both the order confirmation and shipping notifications arrive via email, making the entire experience appear authentic to the buyer.
The buyer may never realise anything is wrong. Their goods arrive, often from a well-known retailer, at roughly the price they paid. The harm is borne by the cardholder whose stolen details funded the purchase and by the legitimate retailer who ships the goods but receives fraudulent payment.
How this scam works on email
A victim browses what appears to be a discount electronics or goods marketplace and places an order via email confirmation flow. The scammer, having taken the order and payment, uses stolen card credentials to purchase the identical item from a legitimate large retailer, entering the victim's address as the delivery address. The legitimate retailer ships the goods in their own packaging, sometimes with their own invoice, which can confuse victims who did not expect a delivery from that particular store.
Email plays a secondary role in the fraud: the scammer may send spoofed 'order confirmation' and 'dispatch' emails that mimic legitimate retailers but route replies to the scammer's own inbox. Meanwhile, the actual shipping confirmation from the legitimate retailer arrives separately, creating a confusing paper trail.
Common red flags
- Package arrives from a completely different retailer than where you placed your order
- Invoice inside the package shows a different seller name and sometimes a different price
- Original order confirmation email comes from a domain that does not match the claimed retailer
- Payment was processed by a third-party intermediary rather than the brand directly
- If you received it, the legitimate retailer's confirmation contains a different buyer name
- Seller on the original site has very recent account history and aggressively low prices
How to protect yourself
- Buy from official brand websites or authorised retailers rather than third-party aggregators
- Check the email confirmation domain matches the actual brand's known domain
- If a package arrives from an unexpected retailer, check your card statement for charges from that retailer — you may be the victim of card fraud
- Report unexpected deliveries from major retailers to that retailer's fraud team
- Use a dedicated virtual card number for online purchases to limit exposure
How to report it
- Report to the FTC (US) or Action Fraud (UK) if you believe your card was used fraudulently
- Alert the legitimate retailer whose packaging was used to their fraud team
- Report any phishing confirmation emails to your email provider
Frequently asked questions
If I received the product, was I harmed by triangulation fraud?
The buyer who receives the goods is generally not directly financially harmed in a simple triangulation fraud, though your personal and payment data may have been collected by the scammer and the transaction may attract fraud investigations.
Why would my card be charged by a retailer I never shopped with?
If a scammer used your card details to fund a triangulation purchase, the legitimate retailer processes the payment. Check your bank statement — unexpected charges from known retailers can indicate your card was stolen.