Mail Forwarding Abuse Scams
Criminals file fraudulent mail-forwarding requests in a victim's name, redirecting all their post to an address the fraudster controls to harvest identity documents and financial mail.
Last reviewed: 1 June 2026
What this scam is
Mail forwarding abuse is a form of identity-enabled postal fraud in which a criminal submits a change-of-address or mail-forwarding request in the victim's name to a postal authority, redirecting all of the victim's incoming mail to an address under the fraudster's control. The fraudster may maintain the redirect for days or weeks, during which time they receive everything destined for the victim — bank statements, new cards, government correspondence, tax documents, and any other sensitive material.
The process of submitting a mail-forwarding request varies by country but has historically required only basic personal information — name, current address, and new address — with limited identity verification. Fraudsters who have obtained this basic information from data breaches, social media, or prior fraud can file the request online or by post with little resistance.
During the period of active forwarding, the victim's mail simply stops arriving. Many people initially attribute this to postal delays or the expectation that they are receiving less mail than usual, which delays discovery. By the time the victim realises something is wrong and contacts the postal service, the fraudster may have weeks of accumulated mail to mine for identity and financial data.
Mail forwarding abuse is often a precursor to further fraud rather than an end in itself — it is a data-collection mechanism that enables account takeover, credit fraud, and targeted phishing.
How it works
The attack begins when the fraudster gathers enough information to impersonate the target: name, current address, and sometimes date of birth or a partial identifier. This data may come from a prior breach, from publicly available sources, or from a targeted social engineering effort.
With this information, the fraudster submits a mail-forwarding request online or by post, naming the victim's address as the 'from' address and a drop address — typically a short-term rental, a PO box, or an accommodation address used to obscure the fraudster's true location — as the 'to' address. In many jurisdictions, this request is processed automatically without any verification to the current address holder.
Once active, all standard mail for the victim begins arriving at the fraudster's address. The fraudster reviews each item for financial or identity value: bank statements yield account details, new cards can be activated if the PIN arrives in a separate intercepted letter, HMRC or tax authority letters may contain reference numbers used for fraud, and utility bills provide proof of address for new credit applications.
The forwarding is eventually cancelled — either by the fraudster once they have what they need, or by the postal service after the victim reports the issue. By then, significant secondary fraud may already be underway.
Why this scam works
Mail forwarding abuse works because postal change-of-address systems are designed for convenience. When a genuine customer moves house, the process needs to be quick and accessible. The same accessibility enables fraud when identity verification is minimal.
Victims often do not notice a drop in mail volume for several days. When they do, initial explanations — holidays, quiet periods, postal disruption — feel more plausible than the idea that their post is being actively redirected. This delay gives fraudsters time to harvest substantial amounts of data.
Common red flags
- Mail volume drops suddenly and unexpectedly without any change in your circumstances
- You receive a forwarding confirmation letter for an address change you did not request
- Bank statements, utility bills, or official letters stop arriving on their usual schedule
- Credit reference agency flags new hard searches or accounts you did not initiate
- Businesses or correspondents report that letters sent to your address are being returned
- Post office confirms an active forwarding order you did not place
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
[Post Office] Mail Redirection Confirmation: Mail for [Name] at [current address] will be forwarded to [new address] from [date]. If you did not request this, call [number] immediately.
Your mail redirection has been activated. All standard mail for [address] will be forwarded for [X] months. To cancel, visit [official link].
HMRC letter: We have sent your tax summary to the address held on our records. If you have recently moved, please update your details at [official link].
Bank statement enclosed: please review your transactions for [period] and contact us if there are any discrepancies.
Dear [Name], we are writing to confirm a change of address has been recorded on your account. If you did not request this change, contact our fraud team immediately.
Common variations
- Business-targeted: fraudster redirects a company's mail to capture supplier payment checks and financial correspondence
- Short-duration redirect: only a few days of forwarding targeted to capture a specific expected delivery
- PO box fraud: victim's address changed to a PO box the fraudster rents temporarily
- Combined attack: mail forwarding used alongside account takeover attempts to intercept verification codes sent by post
How to verify before you act
If your mail appears to have stopped unexpectedly, contact your postal provider and ask explicitly whether any mail-forwarding or change-of-address order is active for your address. This can usually be done online or at a post office counter.
Many postal services now offer a confirmation notification service — a letter is sent to both the old and new address when a forwarding request is filed. If you receive such a notification for a move you did not initiate, contact your postal provider immediately to cancel the order and file a fraud report.
Check whether any new accounts have been opened in your name by reviewing your credit report. Fraudulent forwarding is often followed quickly by credit applications using the identity data harvested from redirected mail.
Payment methods used
- Cryptocurrency
- Bank/wire transfer
- Gift cards
- Money transfer services
- Payment apps to 'friends & family'
Who is usually targeted
- Individuals with stable, long-term addresses who are unlikely to expect a forwarding notification
- Businesses receiving regular check or financial correspondence
- People whose personal data has appeared in data breaches
- Absent property owners or those with second homes
What to do immediately
- Contact your postal provider immediately to cancel any unauthorised forwarding order
- Request a list of mail items forwarded during the active period if the postal service can provide it
- Alert your bank, utility providers, and HMRC or tax authority that your mail may have been diverted
- Ask your bank to review your account for any activity using address data changed during the forwarding period
- Check your credit file with a credit reference agency for any new accounts or hard searches
- File a police report and a report with your national fraud reporting body
- Consider a credit freeze to prevent new accounts being opened while you investigate
How to prevent it
- Register for mail redirection alerts with your postal provider so you are notified of any forwarding requests
- If your postal provider offers a mail-forwarding lock or identity-verified change-of-address service, activate it
- Check your credit file regularly for any sign of accounts opened using your details
- Tell your bank and key correspondents to notify you of any address change before it takes effect
- Opt for paperless statements and electronic delivery where possible to reduce the value of intercepted post
- Monitor your mail volume — an unexplained drop should prompt a call to your postal provider
Evidence to preserve
- The forwarding confirmation letter if you received one
- Records of mail that you expected but did not arrive, with dates
- Post office confirmation of the fraudulent forwarding order details, including dates and destination address
- Credit report entries showing any new searches or accounts
- Bank or financial records showing any changes made using potentially intercepted data
- Any correspondence from businesses or agencies about undelivered mail
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How do I cancel an unauthorised mail-forwarding order?
Contact your national postal service directly — in the UK, call Royal Mail; in the US, contact the United States Postal Inspection Service. Bring photo identification and visit a post office or contact their fraud team online. The fraudulent forwarding order can be cancelled immediately once confirmed. Also file a police report, as fraudulent submission of a change-of-address request is a criminal offence in most jurisdictions.
How long might a fraudster use a mail-forwarding order before I notice?
In practice, most victims notice within two to four weeks because regular correspondence stops arriving. However, if mail is already infrequent or the victim is travelling, it can go undetected for longer. Filing for a redirection notification service — where both addresses receive confirmation letters when a forwarding request is made — is the best way to ensure early detection.