Reroute Fraud: The Growing ecommerce Problem

Executive Summary

Reroute fraud is a post-checkout attack where a fraudster redirects a legitimate shipment away from the intended recipient address and into their control. It most often shows up as an address change request after checkout, a “hold for pickup” request with a carrier, or a delivery option change made using compromised credentials.

In practice, reroute fraud blends payment fraud, social engineering, and shipping workflow exploitation. It also overlaps with related patterns like interception fraud and item not received (INR) claims, because the end result is the same: the merchant loses product, refunds, or chargebacks.

What Is Reroute Fraud

Reroute fraud occurs when a criminal takes control of delivery after an order is placed, then uses a merchant or carrier workflow to redirect the package. The transaction itself may look legitimate at checkout, which is why reroute fraud is so damaging: the theft happens after the “fraud check moment” for many merchants.

Common reroute outcomes include:

• The package is held for pickup under a different name.
• The package is redirected to a different address or pickup point.
• The package is intercepted and returned to sender, then re-captured by the fraudster.
• The package is delivered to an alternate location, followed by an INR claim.

How Reroute Fraud Happens

Reroute fraud typically follows one of these operational paths.

1) Shipping items to a non-billing address

Fraudsters place orders using compromised payment credentials and ship to an address they can access. This tactic becomes more effective when merchants rely heavily on basic rules like billing/shipping match alone.

2) Adjusting shipping information after checkout, before shipment

Fraudsters contact customer support and request a “quick change” to the shipping address, often using urgency and plausible explanations. If the change is made outside the merchant’s fraud screening workflow, the order can become high-risk after it was already approved.

3) Adjusting shipping information with the carrier after shipment

Once tracking is available, criminals attempt to manipulate carrier delivery options. Many carriers offer legitimate delivery management tools for real customers, but those tools can be abused if:

• the fraudster has access to tracking details,
• the fraudster can pass identity checks,
• or the merchant allows delivery option changes without a high-friction verification step.

Legitimate services that can be abused in reroute scenarios include USPS Package Intercept, UPS Delivery Intercept, and FedEx options like Hold at Location.

4) Package hijacking after delivery (porch piracy)

Not every loss is “fraud” at the payment layer. Sometimes orders are legitimate and the theft happens after delivery. This still becomes an ecommerce loss event with chargebacks and reshipments. The U.S. Postal Service Office of Inspector General has published research on package theft as an increasing risk area in the delivery ecosystem (see the report Package Theft in the United States).

Why Reroute Fraud Is Growing

Reroute fraud scales because it exploits a structural reality:

• ecommerce is optimized for speed,
• customer experience teams are trained to resolve issues quickly,
• and carrier delivery tools are designed for legitimate convenience, not adversarial abuse.

As merchants increase automation (instant order routing, rapid fulfillment, self-serve delivery management), fraudsters gain more opportunities to “move the attack” downstream, out of checkout and into operations.

Warning Signs and Operational Indicators

These signals commonly appear in reroute fraud cases:

• A request to change shipping details after an order is already approved
• Requests to hold packages for pickup or redirect delivery immediately after tracking is issued
• High-value or highly resellable items combined with urgency, escalation, or scripted language
• A customer account that was just created (or recently had key details changed) placing a high-value order
• Multiple failed login attempts followed by a delivery options change (common in account takeover paths)
• Repeated “where is my order” tickets followed by an INR claim after a delivery scan

If your team sees these patterns frequently, expand your broader post-purchase abuse coverage with the NoFraud guide on return fraud mitigation and the playbook roundup in The Most Popular Playbooks to Stop Return Fraudsters.

Prevention Playbook for Ecommerce Teams

The best defense is a process that treats address changes and delivery-option changes as high-risk events, not routine CX requests.

Checkout controls

• Use a fraud solution that evaluates orders holistically and adapts to evolving patterns, rather than relying only on static rules.
• Apply higher scrutiny to resellable SKUs, high AOV baskets, and first-time buyers attempting expedited shipping.
• Consider requiring stronger verification for risky profiles before fulfillment (especially when inventory is scarce or easily fenced).

Customer support controls (most important)

• Establish a strict policy: never change shipping details on high-risk orders without step-up verification.
• Require the request to be authenticated through the same account that placed the order (not via email forwarding alone).
• Add a second factor for address changes (one-time passcode, verified link, or identity verification), especially when the order is already approved.

Operational note: NoFraud’s help center guidance for preventing reroute fraud emphasizes not allowing shipping changes without confirming it’s safe, and re-screening the order if details change (see Chargeback Protection best practices).

Fulfillment and shipping controls

• Hold and re-review any order where shipping details change after approval.
• Prefer signature confirmation for high-risk deliveries, especially for high-value categories.
• Use shipping workflows that limit “delivery option changes” without verified identity checks.

Carrier workflow controls

• Ensure your shipping account settings and label workflows are locked down to prevent unauthorized edits.
• For suspicious orders that have already shipped, consider intercepting the package where possible. NoFraud’s help center discusses intercepting or redirecting held fraudulent orders as a deterrent tactic (see Hold Order Notifications).

What to Do When You Suspect a Reroute Attempt

1) Freeze fulfillment if the package has not left your facility.
2) Treat any address change request as a new risk event and re-screen the order.
3) Document the request, timestamps, and channel used (chat, email, phone).
4) If already shipped, use your carrier tools to attempt an intercept where available, such as USPS Package Intercept or UPS Delivery Intercept.
5) If the customer later files an INR or chargeback, prepare evidence that shows the post-checkout manipulation attempt and your verification workflow.

How NoFraud and Yofi Help

Reroute fraud is a strong example of why merchants need both:

• pre-purchase fraud prevention that makes accurate accept/decline decisions, and
• post-purchase intelligence that detects abuse patterns as they emerge after delivery and fulfillment.

NoFraud helps merchants reduce exposure by screening transactions before fulfillment and supporting operational best practices that reduce downstream chargebacks. With Yofi’s post-purchase intelligence, merchants can better identify behavior patterns that correlate with reroute attempts, refund abuse, and repeat exploitation across identities and accounts. Learn more about the platform direction in NoFraud + Yofi AI: The First Unified Fraud & Abuse Prevention Platform.

FAQs

Is reroute fraud the same as interception fraud?

They are closely related. Many teams use “interception fraud” to describe in-transit redirection tactics specifically. For definitional clarity and adjacent patterns, see the NoFraud glossary entry on interception fraud.

Should we allow address changes after checkout?

Only with strong controls. Treat address changes as a high-risk workflow and require step-up verification, especially on first-time buyers and high-value orders.

Can carriers prevent reroute fraud?

Carriers provide legitimate delivery-management options. Those systems can reduce theft for real customers but can be abused by criminals. Merchant-side verification and process control are what close the gap.