When people think of identity theft, they often picture stolen credit card numbers or hacked bank accounts. But criminals are finding new ways to take over accounts—without ever needing your password. A rising scam involves changing the address linked to your email, banking, and retail accounts, locking you out while scammers take control.This isn’t just a digital version of mail fraud. Once a scammer updates your address, they can intercept security codes, reset your passwords, and take over your financial identity—often before you even realize what’s happening. Many of these attacks start with stolen personal details, often bought on the dark web, where criminals trade exposed login credentials and identity records.For example, a scammer who gets hold of your leaked email and banking login details from a past data breach can change your billing address, request a new debit card, and intercept your replacement card before you even know something is wrong. And because address updates often go unnoticed, victims may not realize the fraud until it’s too late.So how do criminals pull off these scams so easily, and what can you do to stop them? Let’s break it down.Online address takeover scam: How it works Online address fraud isn’t new—criminals have long exploited mail-forwarding schemes to intercept physical documents. But today’s scammers are targeting digital accounts, where a simple address update can reroute sensitive information, take over accounts, and drain finances—all without needing physical access to your mail.Step 1: Stolen personal informationCriminals acquire personal details like full names, email credentials, and partial financial data from data breaches. They often sell this information in illicit markets on the dark web, where buyers mix and match details to form profiles. With this information, cyber sleuths can bypass weak security measures and access accounts.Step 2: Breaking into an account With these stolen details, scammers test email, banking, and retail accounts for access. If they have login credentials, they simply sign in. If not, they use forgot password requests or guess security answers based on leaked personal details. Some even change an account’s email address first, cutting off victims from security alerts before moving to the final step: changing the home address linked to the account.Once the address is updated, scammers can intercept new debit cards, reroute statements, and block victims from receiving fraud notifications. For example, if they change the address on a banking account, they can request a new debit card, activate it, and start withdrawing funds—often before the real account holder even notices something is wrong.Step 3: Lockout and exploitationOnce scammers take control, they move fast. They trigger password resets, request replacement bank cards, and rack up fraudulent purchases. If they get access to more sensitive information—like a Social Security number—they can open new credit accounts or even file tax returns in the victim’s name.Read more: What can someone do with a stolen Social Security number? Step 4: Ongoing damageBecause victims are locked out of their accounts, the fraud can go unnoticed for weeks. By the time they realize what’s happening, the scammer has already drained accounts, stolen identities, or sold the compromised data to other criminals. Address takeover scams are especially dangerous because banks and companies often don’t flag address changes as suspicious, making it easier for criminals to slip through without triggering security warnings.This is different from the familiar mail-forwarding scam. Instead of physically redirecting letters, online address takeover involves changing the digital address where key verifications and financial resources are sent.This is where ID Alerts from ExpressVPN’s Identity Defender comes in. Available to users in the U.S., it proactively scans hidden sites for your personal details and monitors address changes in your key accounts. If someone tries to change your address, you get an immediate warning—so you can stop scammers before they lock you out. Get ExpressVPNHow scammers get the data to pull this offOnline address takeovers rely on stolen personal information—often leaked in data breaches, scraped from public records, or traded on underground forums. Criminals mix and match details from different sources to bypass security checks and take over accounts. Here’s how they get their hands on that data:1. Data breaches Large-scale breaches happen when cybercriminals break into companies’ databases to steal usernames, passwords, and other personal details, including addresses and SSNs. Often, these end up on the dark web for sale. Criminals also trade or bundle data, so a single breach can lead to multiple forms of identity fraud. Victims often discover their information was found on the dark web after a breach notice.Data breaches can also happen due to third-party vulnerabilities. Even secure organizations can leak data through partners or outdated systems. For instance, the First American Financial breach (885 million records) resulted from an insecure website design flaw, exposing documents for 16 years without detection.2. Public records & data brokersNot all stolen data comes from hacks. Public records and data broker sites collect addresses, phone numbers, and birth dates, making it easier for scammers to validate identities. Even if a criminal only has part of your information from a breach, they can cross-reference details from people-search sites to build a full profile—enough to impersonate you when changing an account address.3. Dark web salesMany scammers buy ready-made identity kits on the dark web. These “fullz” (full identity packages) often include email logins, address histories, and financial data—everything needed to hijack accounts and change address details unnoticed.Read more: How much is your data worth on the dark web?4. Phishing scamsPhishing emails that look official might tempt you to click a link or provide personal data. Thieves use this to trick you into handing over important credentials and information. They might even claim they are from a “postal authority” needing to confirm your address. Once you click, they capture your username and password, which might open the door to your finances, shopping accounts, or online storage. Especially if you use the same password across multiple sites, as it gives criminals to access multiple accounts once one password is revealed.5. Physical mail theft & Wi-Fi snooping Traditional methods still play a role. Stolen bank statements or credit card offers provide enough details for scammers to fake identity verification steps when updating addresses. Unsecured public Wi-Fi also lets cybercriminals intercept logins if you’re not using a VPN.What happens once your address is hijacked?Once a scammer changes your registered address—whether on your bank account, email provider, or a retailer—the impact snowballs quickly. What starts as a simple update can lead to complete financial control, identity theft, and long-term fraud.Step 1: Your accounts are no longer yoursThe moment a scammer updates your address, they’re one step closer to locking you out entirely. Depending on which account they target first, they can:Change the primary email and phone number linked to your banking or email account, preventing you from receiving security alerts.Request a new debit or credit card and activate it at their new address before you realize anything is wrong.Reset passwords and security questions using their new address as a “verified” detail.Disable multi-factor authentication (MFA) or replace it with their own credentials.At this point, it becomes a race—if you don’t catch the fraud quickly, recovering your accounts can be nearly impossible.Step 2: Your mail and financial data are interceptedWith their address now linked to your accounts, scammers can redirect critical documents to themselves, including:Bank statements and credit card bills, helping them gather more personal details for additional fraud.Replacement credit and debit cards, which they can activate and use immediately.Loan or tax documents, allowing them to open new lines of credit or commit tax fraud in your name.If they gain access to enough financial details, they can even change your address with the post office, ensuring all of your important mail—not just specific account updates—is sent to them instead.Step 3: Your identity is weaponized for bigger fraudAddress takeover scams don’t just stop at intercepting your mail. Once scammers control an official address linked to your identity, they can:Apply for loans, credit cards, or financing in your name, maxing out credit before you’re even aware of it.Use your identity to commit tax fraud, filing fraudulent returns and stealing refunds.Take over retirement or investment accounts, requesting withdrawals or transferring assets.Pose as you for social engineering scams, using your updated address to convince banks, creditors, or even government agencies that they’re the real account holder.Some scammers even sell hijacked identities to other criminals, allowing multiple fraudsters to exploit your information for months or years.Step 4: The damage spreads across your digital footprintOnce one address-linked account is compromised, others become easier to take over. A hijacked banking address can lead to:Retail account fraud: Scammers can place high-value orders and have them shipped to their new address.Healthcare fraud: Fraudsters can attempt to use your identity for insurance claims or prescriptions.Home and car title fraud: In extreme cases, criminals have transferred home deeds or vehicle registrations into their names.Victims often don’t realize how deep the fraud runs until they see unfamiliar credit accounts, missing tax refunds, or legal notices tied to debts they never took on.How to protect your information from online address fraudThe best way to stop online address fraud is to catch unauthorized changes the moment they happen. Identity Defender’s ID Alerts is designed to do exactly that. Free for all new ExpressVPN subscribers in the U.S., it actively monitors for suspicious address updates, so if scammers try to change your details—whether on your bank, email, or retail accounts—you’ll receive an instant alert. Get ExpressVPNWithout this kind of monitoring, many victims only find out after scammers have hijacked their accounts. By the time fraud appears on statements or credit reports, the damage is already done.1. Monitor your account for unusual changesEven with ID Alerts, it’s important to watch for signs of fraud across your accounts:Unexpected confirmation emails: Notifications about address or contact info changes you didn’t request.Returned or missing mail: If your bank or credit card statements suddenly stop arriving, someone may have redirected them.Declined payments: If your billing address no longer matches your bank’s records, fraudulent updates may be to blame.If you spot any of these red flags, log into your accounts immediately to review your registered address. Contact your bank or service provider if anything looks suspicious.2. Use a VPN to protect login credentialsScammers steal personal data by tracking your online activity—especially on public Wi-Fi. A premium VPN encrypts your internet traffic, making it harder for criminals to intercept your login details or personal information. It also helps prevent attackers from gathering the data they need to change your address and take over accounts.3. Monitor for data breaches and take action fastMany address takeover scams start with stolen personal details from data breaches. If scammers get access to your login credentials, they can use those details to bypass security checks and change your address.Check if your email or personal data has been exposed using a breach-monitoring tool.Immediately update your passwords if your information has been leaked.Enable multi-factor authentication (MFA) on all key accounts to block unauthorized logins.Review your credit report for suspicious activity, like unrecognized inquiries or new accounts you didn’t open.4. Strengthen your passwordsEven if scammers have some of your personal information, a strong password can stop them from breaking into your accounts and changing your address. Use a password manager and generate and store long, random passwords. Add multi-factor authentication—this adds an extra step, like a text code or an authenticator app, which blocks thieves from logging in with just your password. Remember, never recycle old passwords. Thieves who have your login details from a past breach might try them on your social media or email accounts.5. Freeze your credit (if you spot suspicious activity)When you see evidence of fraud, a credit freeze prevents new loans or lines of credit from being opened. While it might be a mild inconvenience when you want to apply for credit yourself, it’s a strong line of defense that stops criminals from opening accounts in your name.6. Remove your details from broker sitesData brokers and people-search sites gather information from public records, social media, and more. This can put addresses, phone numbers, or partial financial details in one place for scammers to grab. ExpressVPN’s Identity Defender includes the Data Removal feature that finds and removes your details from these sites whenever possible. That means fewer places for criminals to look you up.Bottom lineOnline address fraud is a direct attack on your financial identity. If someone changes your address, they can lock you out of your own accounts, reroute sensitive documents, and commit fraud in your name—all without needing your password.Many victims don’t realize what’s happened until their bank cards stop working, bills go unpaid, or debt collectors come calling. At that point, it’s no longer just an address change—it’s full-scale identity theft.Stopping this kind of fraud requires real-time detection. Identity Defender’s ID Alerts monitors your accounts for suspicious address changes and warns you instantly—before scammers take control. Get Identity Defender with ExpressVPN (free for new U.S. subscribers), and take back control before fraudsters do. Get ExpressVPN The post How online address changes became the latest dark web threat appeared first on ExpressVPN Blog.