/ Scams

Scam watch: a case of ‘mistaken’ delivery

Fraudsters can use stolen personal details to open credit accounts with a retailer, then intercept the delivery. Here’s how it works and what to do if you’re affected.

An unnamed parcel from an online retailer was delivered to Phil’s home address, containing a games console that he’d never ordered. Shortly after, a man in a high-vis jacket, featuring a courier logo, knocked at the door, with a van idling at the end of the drive.

He asked if Phil had just received something that wasn’t his, saying that there’d been a mistake. Because Phil had just admitted that he hadn’t ordered it, he reluctantly handed the parcel over. He then contacted the retailer, only to be told that a store account had been opened in his name and had been used to make the order.

Identity fraud

By using stolen personal details to open a credit account with a retailer, fraudsters can order high-value goods, intercept the delivery and get away with little trace, leaving you to pick up the bill.

The scammers probably received delivery updates to their phone or email, letting them know when it was likely to be delivered, while waiting nearby in the van that Phil spotted. On the upside, Phil told us that the retailer has been helpful and did everything right to get the situation resolved for him. It quickly investigated, confirmed that this was a case of identity fraud and fully reimbursed him, with an apology.

It also signed Phil up to the Cifas Protective Registration service, which usually costs £25 for two years. Being signed up to the service means any future credit applications made in his name will go through extra checks to make sure they’re not fraudulent before they’re approved.

Protective Registration

Unfortunately, if you’ve been ‘successfully’ targeted once, there’s a higher chance it could happen again. More and more banks, lenders and retailers are automatically offering to cover the cost of Protective Registration for victims affected by failings in their security checks.

If you fall victim to identity theft, ask the company involved to register you with the service. It’s also important that it removes any fraudulent lines of credit opened in your name from your credit file, so it doesn’t affect your credit score.

Have you been affected by this type of fraud? If so, how did the retailer deal with the situation? Let us know in the comments.

Comments
R Clark says:
13 January 2022

This exact thing happened to me last year. I do pretty much all of my shopping online except food, and so a knock on the door with a parcel is not unusual. I received a parcel from DHL which on opening turned out to be an iPad pro that I had not ordered with an o2 sim card. I am usually quite sceptical but I had ongoing investigations with the hospital at the time and was on very high drugs that definitely affected my behaviour. Within a few minutes I got a phone call on my mobile (from a mobile number) stating it was DHL and they had accidentally put the incorrect address label on the parcel and that someone would be there to retrieve the parcel. I totally fell for it, packed it back up and in another minute or so someone knocked on the door. I asked how they were going to prove that I had returned it and he took a photo.. I know, I was an idiot, and actually the penny dropped about half an hour later. I then rang the police fraud dept to explain what happened and they told me I was the second that morning, I also informed them I had ring camera footage of the person who came to collect the item but it was never requested. I cancelled all my cards and rang o2 giving them my crime report, as I did not understand how they could send me this as I had been with them for 20 years so clearly my name and address should be connected regardless of the fact they put a different email address. I then rang Experian and at that time there was nothing. To cut a long story short, o2 fraud department were very helpful, the iPad pro and the monthly broadband arrived on my experian report within the month and it then took o2 about 6 weeks to get that removed. I have not signed up to Cifas but have continued to pay Experian, it will be a year in March so I will revisit that as to whether I continue paying. I kick myself every day when I think about it as it was so stupid of me, but I put it down to my condition (ongoing) at the time as I was still in shock by my diagnosis. I have not had anything further happen but interesting that you say I am now likely to be hit again. The only thing I will say is that the fraud department told me I had done the right thing in giving them the parcel as I am widowed and live alone. But I was furious.
I guess as I do so much online shopping it is not that hard to get my details.

I’m not 100% sure whether courier companies are involved in labelling parcels (outsourcing is rife these days), but this would seem to be the responsibility of the retailer. This should set alarm bells ringing. If faced with a situation of this kind, I’d ask the “courier” for the name of the sender so I can contact them direct (I would look up the contact information online). It’s likely that the “courier” will decline to provide this information, or will name a bogus company, perhaps one with a premium-rate phone number?!!

Genuine errors can of course occur, and I’ve experienced two:

1) Some years ago I received a parcel I’d been expecting, but on opening it I found a delivery note for another customer (“Mrs X”); she didn’t have the same postcode but lived within half a mile of my home. Her order and mine were similar but not identical. I contacted the retailer to find out whether my own parcel had been sent to Mrs X, and I offered to visit her for an exchange of parcels, if they could arrange a mutually-convenient time. (I realised that as I already knew her address, the data protection regulations probably wouldn’t apply). It was a long time ago, but I don’t remember making a visit – the retailer must have gone down the conventional route, delivering and picking up via their courier. In any case I did receive my own parcel eventually.

Just before Christmas 2021 I received a parcel from a well-known retailer of luxury chocolates, with my correct address but for an addressee who was unknown to me. I contacted the retailer using the details on the return label; they made enquiries, and found that the sender had given the wrong street number when placing the order. I was meanwhile contacted by the recipient’s aunt and was told the correct street number. I offered to deliver the parcel or retain it for collection by the recipient . The retailer told me to keep the chocolates for myself and that they would send out another parcel, this time to the correct address. I declined as I wasn’t sure whether the sender would be charged twice (and anyway I eat too much chocolate!) The recipient duly collected the parcel from me and all was well.

In neither case did I find unauthorised charges on any of my accounts.

I’m sorry to hear of your experience, particularly as it coincided with a period of ill-health. Hope you’re feeling better. With best wishes for 2022.

Cath Cooper says:
14 January 2022

My experience was a tablet computer worth £350 from Ebay, which I hadn’t ordered, but someone had hacked into my Ebay account and used my husband’s bank card details for payment (he had made a small purchase using my account some time before). I noticed the email thanking me for my purchase, but they (or rather we) had paid for express delivery so it had been dispatched. We contacted NatWest who accepted it was a fraudulent payment, cancelled the card and gave us our money back.
Meanwhile however the tablet was delivered (the scam obviously went wrong). That’s when our problems started. I couldn’t send it back via Ebay as Paypal would not reimburse us as we had cancelled the card. Paypal were less than helpful (I think they thought I was the fraudster!). The nice lady at Ebay couldn’t help and suggested I keep the tablet or give it to charity. The bank didn’t want the tablet either, even though in theory they now owned it. I contacted the seller direct but he said Ebay had told him not to deal with me directly. I didn’t want to keep it, so I sent it back to the seller and told the bank what I had done. I wonder if they chased him for their money????

what I’m not getting here is whos paying for the goods? identity fraud is one thing but they would then have to have details from your credit card/paypal account/debit card etc? and what methods are they using to get these details? and how about the fraud squad tracing their email address/mobile phone numbers?

Karina Cliff says:
15 January 2022

Good question!

Jan A says:
16 January 2022

This happened to me. in March. Luckily I didn’t hand the parcel back to the bogus courier and rang the police. They informed the supplier that I was a victim of identity fraud , so i did not have to report it myself.

The receiver is the one who pays. The fraudsters take out a contract in your name to be paid monthly. I received the paperwork about 1 week later. Hope that helps

I also had a bank account opened in my name at about the same time

GRAHAM says:
13 January 2022

Something similar happened to me a sat nav was delivered to me that i had not ordered. Almost at the same time got details of a credit agreement made in my name for sat nav with Klarna (a have now and pay later company) . The scam must have gone wrong because it was not intercepted and I got the sat nav. After talking to Klarna it turned out somebody had raised a credit agreement with Halfords and Klarna admitted Halfords credit checks were at best sub standard. I returned the sat nav to Halfords and got assurance from Klarna credit cancelled and rating would not be affected. I was lucky to get resolved but a lot of bother.

Ray Reed says:
13 January 2022

I had an Email from Vodafone on December 21st saying sorry about my lost mobile ‘phone, which I still had. Around the same time I had a text from my bank asking if I had tried to establish mobile banking.
To be brief, someone impersonated me, got Vodafone to block my mobile and issue a new SIM. This was used in an attempt to access my bank. The bank had a call requesting the payment of an undertakers invoice for over £10K. The bank blocked my account and I did not lose any funds.
It took a lot of sorting out, especially as there were so many holidays. Going to a bank branch with passport is the sure way to clarify.

I guess having a poor credit history will not allow this to happen to me. For once that is not something that should bother me.

I had a Very account opened up in my name some years ago. They contacted me and asked me if I had been the one to opened up two separate accounts of late?
I said I hadn’t so they apologised for the inconvenience caused, they pushed me into joining the register mentioned which was actually a real headache in the end as it makes your life quite a bit more difficult when opening any credit accounts or bank accounts in the future. I lost out on a £100 bank switch offer because it was far more difficult to switch banks because of this. The new bank wouldn’t open the account online as they weren’t sure it was really me trying to open it but only let me know through a written letter. They then insisted that I come into a branch with my passport as ID, a proof of address in the form of a written bill in my name with my address on (not an easy thing to get hold of in this day of online bills, I had to go to another of my banks and get them to print out confirmation of my address) etc before they would open the account. Plus as I had opened the account just before going on holiday by the time I’d gotten back, opened up my mail realised there was an issue and found out I had to do all these tasks I’d missed the 10 day deadline that was in their terms and conditions. They still opened up the bank account for me but wouldn’t honour the terms of the cash incentive. Its also been harder to open anything else I have actually wanted over the years since. So having someone open up a fraudulent credit account has cost me time and money and made my life that bit harder.
No fun really.

I had a similar experience – I had a posh set of skiing gloves delivered with my name and address on the package from Amazon. I rang them straight away to say I had had these gloves delivered but had not ordered them. I gave them all the info from the order and the person from Amazon checked their records. They said they had 2 accounts registered for me. I asked for details on this second account associated with the gloves but they wouldn’t tell me anything. I challenged them and said how could they have an account in my name and with my address but refuse to give me any info on the account? My main concern was had they accidentally duplicated my account and were my bank details linked to this second account. I was very clear it was not my account, I had not opened it and had not ordered anything on it and asked them to delete it. When I offered to send the gloves back they told me to keep them. No one called to try and get them. It was all quite unnerving as I am careful with my personal details and cut up or delete any personal details on letters, envelopes and packaging before I throw it out.

I was the victim of one of these scams a few years ago. A a parcel was delivered using my name and address that contained a £400 pair of jeans. I opened it, saw that this was a web transaction and realised that a scam was in progress. When a young man turned up to collect the package, I refused to hand it over. When he returned some 30 minutes later, I did not open the door and called the police. A patrol car turned up soon after, two officers had a chat with me and took the package as evidence. I never heard from the retailer but was contacted by Klarna with a demand for payment. Klarna ignored my replies to their Stokholm address, informing them that we were joint victims of fraud/identity theft and giving them the crime number. A letter addressed to their CE was returned unopened, unlike the letters I sent to their accounts department, but a letter sent to the CEO of the UK retailer resulted in the suspension of action.

A Visa card had been used to make the order and for a couple of years my Visa debit and credit cards were blocked for online clothing transactions. When Visa do this the payment details go to them but no response is sent back. This is most frustrating as there is nothing that you can complain to your bank about, and there is no way to complain direct to Visa! The incident is not recorded on my credit file. I pay to have credit transactions in my name monitored and reported the incident to the monitoring company within a couple of hours of the delivery having been received.

Talking to the police, they told me that they had checked out the area for a young man matching the description that I had given them. They reckoned this was worth trying as these criminals will arrange for a number of deliveries in one area using the same morning/afternoon slot. They did not spot him and no further action was taken.

The Klarna ‘pay later’ scheme was clearly the enabling factor in the commission of the crime, and my good personal credit rating would no doubt have assisted the criminals who impersonated me. I have also received a visit from local Trading Standards officers to warn me that my details are on at least one suckers list, which could have been how these ciminals knew my name and address. I pay two companies to look out for my details appearing on the dark web. I have had a couple of warnings reported by them, fortunately no one appears to have cracked the long passwords generated by my password manager.

“By using stolen personal details to open a credit account with a retailer…”

I doubt that these are ‘stolen details’ in the normal sense of understanding. I think most of these frauds are ‘insider’ jobs, with criminal gangs simply getting members recruited (sleepers) into the relevant departments of online retailers, banks etc etc…

It is why so few are ever prosecuted: the institutions concerned do NOT want the bad publicity a prosecution would bring. I wonder if Which? ever consider this? I do have some evidence….

I wouldn’t buy a luxury easter egg.

Ray. says:
13 January 2022

I tried phoning you but was put on hold for several minutes with an automated voice message.
I would appreciate your advice please.
I think I might have been targeted for a scam. I read a Which scam alert about identity theft. In the report it said people were receiving packages they had not ordered then a short time after a person would call asking for the package.
My concern is I received an email message from the postal service saying that they have a package for me but the address label is damaged so can’t be read. I sent a message to them giving my address. My fear is that I have set myself up to be scammed. What should I do?
Thank you for your assistance.
Ray

Robert Baldock says:
13 January 2022

Hi Ray. I have just read your comments and 2 points came to light immediately, one was that they said the address label was damaged and unreadable so how did they know it was for you and secondly how could they know your email address?
This is so obviously a scam and I suggest you forward the email to the postal service so they can investigate it.
My advice would be to not engage in any conversation with anyone saying they are from the postal company unless they have checkable ID.
Also you shouldn’t receive or expect parcels if you haven’t ordered anything.
Take care buddy – regards Bob

Well ive just joined this forum ( if thats what this is?) And i hear of people getting scammed all the time but call me old fashioned im only 57?😎 and i do not use online banking i have no credit cards no loyalty cards in fact i use cash as much as possible!! My friends say I’m weird lol but thats my way does snyone else do this?

Hi Paul and welcome to Which? Conversation.

There are Conversations about the need to retain bank branches and easy access to cash for people like yourself who don’t wave around cards and their phones to make payments. You are certainly not alone. I’d love to see loyalty cards banned and all customers benefitting from lower prices but for some reason it is legal for companies to issue them and collect data about what we buy.

Absolutely. No phone banking, no internet banking, No credit card. Please do call me old fashioned.

I’m not 100% sure about packing processes, but it seems that a courier company would not be responsible for labelling parcels – surely this would be done by the retailer, and a genuine courier company would not be contacting you about an error of this kind. In such cases, you should probably ask the “courier company” who the sender is, then research the sender’s contact details independently and contact them direct. My bet is that the courier company will decline to provide these details, or will name a company that turns out to be bogus – or which has a premium-rate contact number!!

Of course genuine errors can occur. I have experienced two cases:

Some years ago I received a parcel I had been expecting, but when I opened it I found that the delivery note was for a different customer, (I’ll call her “Mrs X”); she had a different postcode but lived within half a mile of my address. Her order and mine were similar but not identical. I contacted the retailer and asked whether both parcels had been dispatched, then offered to visit Mrs X with a view to exchanging parcels. As I already knew her address from the delivery note, I assumed data protection regulations didn’t apply here. I can’t quite remember what happened, but I don’t recall making the visit; I think the retailer chose to go the official route by delivery and pick-up via their courier. In any case I did receive my own parcel eventually.

Just before Christmas 2021 I received a parcel from a well-known retailer of luxury chocolates, addressed to a lady I didn’t know. I contacted the retailer from the details on the return address label; enquiries were made, and it turned out that the sender had given the wrong street number when placing the order. I would have offered to deliver the parcel myself, but realised that data protection regulations would mean that the retailer couldn’t disclose the recipient’s address. Instead I offered to retain the parcel for the recipient to collect. The retailer told me I could keep the parcel and they’d send another one, correctly addressed. I wasn’t sure whether the sender would be double-charged so I declined. (Anyway I eat too much chocolate as it is!) The recipient duly picked up the parcel and all was well.

In neither of these cases did I find unauthorised charges to my online accounts.

Mrs Isabel Murray says:
14 January 2022

Most of us will surely do most of these things, not just one. I will sell if I can and give away if I can’t. I never skip or throw away anything.

Michael Ney says:
14 January 2022

I knew of a group of fraudsters who trawled through Companies House records for Directors and chose large houses in leafy areas. They would then apply for credit accounts with a large clothing company in the name of the houseowner (chosen because they’d have good credit ratings). They’d place orders with the company, the goods would be delivered and then the thieves would call to “collect” the goods delivered in error. They were caught in a targeted stop with masses of brand new products in their car, still in the original wrappers and with the order number barcodes attached. The company concerned now has tighter rules for opening credit accounts.

Nasser says:
14 January 2022

Most of these scams happen because banks “allow” them to happen and because of poor international legislation against rogue companies like Google, Facebook, Twitter etc. Online funds transfers happen between bank accounts after all. And Google, for example, allows the creation of email accounts without requiring proof of ID and address. IT IS ALL A BIG SCAM.

Rita says:
14 January 2022

A couple of years ago I received what I thought was junk mail from Next. I almost put it straight in the bin, but I opened it. I was surprised to find a thankyou for opening an account and making my first order! I got straight on to Next (checking number on line) and was put through to the fraud department. Eventually they established that the account was in my correct name and address but spurious date of birth. I was puzzled as to how the fraudster would benefit, and was told that they could elect to pick up the parcel from drop off lockers. Next put me on the 2 year anti fraud register and Experian, and so far nothing else has been detected. They did warn me that I might need to go through a few extra security hoops as a result of having my identity compromised, but it was well worth it for the peace of mind. I was pleased with the Next response. The parcel con sounds like a more sophisticated version of my experience.

About 5 years ago someone managed to get hold of my credit card details and ordered a full central heating system and boiler. It was delivered to my house but intercepted before it got to my door. The first thing I knew about it was my huge monthly bill – so I had to report it obviously and the credit card company cancelled it straight away saying that this was not an especially uncommon type of fraud. But the crooks got away with a £3,000 central heating system!!

Our attic is unheated and well insulated from beneath. Even in the summer drinks are always pleasantly cool.

Jayne Dalley says:
15 January 2022

We had this type of thing happen a couple of years ago – a mobile phone was delivered, not addressed to us by name but with our address. Shortly after a man pulled up in a red van rang the door and said it had been delivered to us by mistake. We guessed it was some kind of fraud and said nothing had been delivered – how could he prove it? he left empty handed. We phoned the provider – it said on the box which company it was and they told us to return the phone to the local shop which we did. The fraudster didn’t get the phone and the company were not out of pocket. I think they just used us as a random address. It was not our details on the account that had been set up but a guy who banked with Barclays that the phone company called to inform. We never heard anything else, the man never came back.

Nigel Holloway says:
16 January 2022

Some years ago I was informed by Citibank’s fraud section that a Citi credit card I had at the time had been used to order about £600 worth of goods from Sainsbury’s. In this case the fraudsters had the goods delivered to them, so not to the same address registered for my credit card. Citibank sorted this out very rapidly and restored the money immediately to my account, which was very efficient. During this process I ‘phoned Sainsbury’s to find out where they had delivered ‘my’ goods. Astonishingly, they refused to say, giving the excuse “criminals have rights too”.

Nigel Holloway (Reading)

PS: Citibank stopped doing UK credits cards soon afterwards, but I was sufficiently impressed by their efficiency that I have since bought some shares in the bank.