Package Redirection Fraud
Fraudsters redirect parcels in transit to a different address — by hacking delivery accounts, contacting courier support, or intercepting tracking notifications — to steal goods.
Last reviewed: 1 June 2026
What this scam is
Package redirection fraud occurs when a criminal changes the delivery address of a parcel already in transit, diverting it to an address they control rather than the intended recipient. This can happen through several vectors: gaining access to the recipient's courier account and changing the delivery preferences, contacting courier customer service and impersonating the account holder, exploiting self-service redirect features that some couriers offer, or in some cases by compromising the courier's own systems.
The fraud can target either the buyer or the seller in a transaction. In buyer-targeted variants, the fraudster intercepts a parcel the victim ordered and sends it to themselves. In seller-targeted variants, a fraudster purchases goods online, waits for dispatch, and then redirects the parcel to their own address — leaving the seller believing the item was delivered but the genuine buyer never receives it, and the payment dispute that follows harms the seller.
High-value consumer electronics, designer goods, and other resaleable items are the primary targets because the financial return justifies the effort. The fraud can be difficult to detect in transit because legitimate redirect services are designed to work quickly and silently from the recipient's perspective — which is also what makes them exploitable.
Victims are typically left managing a dispute with the courier while the fraudster has already received and resold the goods.
How it works
The most common method is account compromise. A fraudster obtains access to a courier account through phishing, credential stuffing from data breaches, or social engineering the courier's customer service team. Once inside the account, they change the delivery address for an in-transit parcel, often scheduling the redirect to trigger only 24 to 48 hours before the expected delivery date to minimise the window in which the victim could cancel it.
For couriers with self-service redirect options — where any person with the tracking number can request an address change — fraudsters monitor publicly shared tracking numbers or intercept dispatch notification emails to gather the reference. Some platforms require no further verification to redirect a parcel, making this a very low-effort attack.
In social engineering variants, the fraudster calls courier customer service posing as the account holder and requests a redirect, citing a change of address. Staff who are focused on customer convenience may not apply stringent verification.
Once the parcel is redirected, it is received at the fraudster's drop address — often a short-term rental, a business address, or an address tied to a money mule — and collected before the fraud is reported.
Why this scam works
Redirect features are designed for convenience — a genuine user who has moved house or is not home wants to be able to change their delivery quickly. The same design that makes this easy for genuine users makes it exploitable by anyone who can access the account or reference number.
Couriers process thousands of redirects daily and cannot manually review each one for legitimacy. Automated systems act on the redirect instruction without real-time human oversight. The fraud window is short and the goods are typically collected and moved on quickly.
Common red flags
- Tracking notification shows a delivery address change you did not request
- Tracking shows 'delivered' but you have not received anything
- You receive a courier login alert from an unrecognised device or location
- A new delivery address appears in your courier account that you did not add
- Your expected parcel does not arrive on the scheduled date with no explanation in the tracking history
- Seller informs you the parcel was delivered, but you received nothing
- Courier customer service cannot confirm the current delivery address matches your account
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Your delivery address has been updated as requested. Your parcel will now be delivered to [new address] on [date]. If this was not you, contact us immediately.
[Courier]: We have processed your redirect request. Parcel [ref] will now be delivered to [address]. Update takes effect within [X] hours.
[Courier] login alert: Your account was accessed from [device/location] at [time]. If this was not you, secure your account now: [link]
Your parcel [ref] has been successfully delivered to the updated address on [date]. Track your delivery history in your account.
[Courier] notification: A redelivery preference change has been applied to shipment [ref]. Visit your account to manage your deliveries.
Common variations
- Seller-targeting: buyer redirects after dispatch to receive goods and then disputes the transaction as not delivered
- Account takeover only: fraudster accesses account to redirect multiple parcels simultaneously
- Drop address relay: redirected to a third address controlled by a money mule to add distance from the fraud
- Tracked number harvesting: tracking numbers shared publicly on social media exploited for redirect requests
How to verify before you act
Monitor tracking notifications for your parcels carefully and act immediately if a redirect or address change appears that you did not request. Most couriers allow you to lock a delivery to a specific address from within your account settings — enabling this feature prevents redirects from being applied without additional verification.
If you receive a redirect notification you did not initiate, contact the courier's fraud line immediately and ask them to reverse the change and flag the parcel for security hold at a depot. Change your courier account password and check whether any other parcels in your account have been affected.
Payment methods used
- Cryptocurrency
- Bank/wire transfer
- Gift cards
- Money transfer services
- Payment apps to 'friends & family'
Who is usually targeted
- Online shoppers expecting high-value deliveries
- Sellers of valuable goods who dispatch by courier
- Anyone whose courier account credentials have been compromised
What to do immediately
- Contact the courier's fraud team immediately if a redirect notification was received that you did not request
- Ask the courier to place a security hold on the parcel and reverse the redirect
- Change your courier account password and enable two-factor authentication
- Notify the sender or retailer that a fraudulent redirect may have been applied to your parcel
- If the parcel has already been delivered to the wrong address, request the courier initiate a misdirected parcel investigation
- File a report with your national fraud reporting body
- Contact your payment provider to initiate a dispute with the retailer if the goods are not recovered
How to prevent it
- Use strong, unique passwords for courier accounts and enable two-factor authentication
- Enable delivery locks or address change notifications in your courier account settings
- Monitor parcel tracking proactively — check for any changes shortly after dispatch
- Avoid sharing tracking numbers publicly on social media
- Review your courier account's saved address list periodically and remove any addresses you do not recognise
- Consider using a click-and-collect locker service for high-value deliveries, which eliminates the home address risk
Evidence to preserve
- Screenshots of tracking history showing the redirect event, including timestamps
- Any email or app notifications about the address change
- Courier account login alerts, including device and location details
- Your original order confirmation showing the correct delivery address
- Correspondence with the courier about the misdirected parcel
- Any confirmation that the parcel was marked as delivered to a different address
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Can the courier recover my parcel if it has already been redirected and delivered?
Once a parcel has been delivered to a redirect address and collected, physical recovery is unlikely. However, report it to the courier and to the police immediately — the drop address may be known to investigators from previous cases. File a dispute with the retailer or payment provider. Many couriers have insurance arrangements that cover misdirected parcel losses in certain circumstances, so ask your courier to escalate to their lost parcel or fraud resolution team.
How do I stop someone redirecting my parcels in the future?
Use a strong, unique password for your courier account and enable two-factor authentication. Some couriers offer a delivery lock feature that prevents address changes without additional verification — activate this if available. For very high-value items, request that the retailer ship with a signature requirement and no redirect permissions, or use a secure collect-in-store or locker service.