A stranger asks for my delivery address, how much information should I give?

  • There's this person online with whom I have only interacted a few times. They had asked me for a small favour, which I did. They then wanted to give me something in return as a thank you. They were going to post it, so they wanted my address.

    I am countries away and I'm not used to mail, especially international mail. I hate that I'm paranoid like this when I genuinely look forward to their gift, but I need to know to what extent do I share my details?

    What was the favour and what is the gift?

    If they know your name, your address might already be public, from i.e. homeowner or voter records. As an example: https://www.beenverified.com/people/carl-walsh/. It's a strange relic from before the internet era...

    The more likely scam would be that they ask you to cover the delivery cost (and never send you anything), or they "accidentally" send you too much and ask you to pay the difference, or it's a delivery-man scam (which would be avoided by not accepting the delivery in person), or one of countless other scams that might build on the rapport you have.

    I would ask them to deliver it to a Motel in another city and then collect it from there.

    You could look at mailbox services. E. G. https://www.accessstorage.com/business-services/mailboxes (I've no personal experienxe with this specific one, just my first google result)

    I am not very active information security contributor myself, but I wonder if this is the best place to ask (it would probably fit into social engineering). I find the question interesting tho so im giving my opinion. IMHO this nails down to: Do you trust him/her? If you do `Country, province, postal code, address and name`. Does your country postal service have mail boxes and you can rent one?. If you dont feel confident about it and you can use a PO box I would advise using them.

    There are a lot of "identify this possible scam" requests on https://money.stackexchange.com/. personally, I would have asked this one over there, but ymmv

    If you let us know what country you are living in, that might help come up with more concrete answers as to how far you can disguise your actual adress

    Someone is offering a disproportionate reward for a small favour. If it is not a scam, saying "no need to repay me, happy to help" is a kind and generous response. If it is a scam, the same response protects you from an appeal to greed. See @ccto response.

    Its' a straightforward scam.

    I don’t want to say that this *isn’t* a scam but this exact thing has happened to me before (somebody wanted to send me a material but inexpensive thank-you for helping them on Stack Overflow), and it wasn’t a scam.

    One suggestion is to ask them to instead make a donation to their favourite charity. You might suggest one of your own favourites. Chances are that that kind of gift will be more appreciated than some random thing given to you. (Now, if it is the start of a skam, you are not participating).

    How long & frequently have you interacted? A few times over a day? Week? Month? Year?

  • In the end, it all comes down to trust and risk. How much do you trust this person and how much do you want to give as far as details goes, what can someone do to harm you when they have your data? That you're asking here tells me you're not really sure if you can trust this person. There are risks involved (such as real life threats or maybe a possible scam) but it is not easy to identify risks without knowing the full situation, as you explained it rather vaguely.

    To me the whole situation sounds kinda phishy to be honest. Are you sure you didn't fall for a phishing or scam attempt by helping this other person?

    Most countries do have PO boxes and other rent-able post solutions such as Poste Restante (as suggested by Molot in the comments) so you don't have to give out your own personal details.

    "In the end, it all comes down to trust. How much do you trust this person" It's beyond that - in the end, it all comes down to risk. How much wreckage could this person create with this trust.

    +1, but don't forget Poste Restante - it is free, in some areas even more available than boxes, and offer similar protection to PO box, you only reveal general area where you live, or post office that's convenient for you. And this does not even have to be post office near your home, depending on country you may be able to select one near your work or at arbitrary address, or it may be one post office available for poste restante in whole city. Sender will not know anything more than the fact you can drive to this particular office.

    Or you could have it sent to your office, if this is something which is allowed/common where you live.

    @WoJ exposing where you work is arguably more risky, as it gives a fast and easy way for blackmail "Do what I want or I send ___ to your employer".

    @Mołot: maybe. This really depends on the risk context ("I do not want the guy to know where I live so that I am not robbed" vs. your example)

    @Mołot Added Poste Restante to answer, thank you for the suggestion.

    @Beanluc Agreed, added to answer, thank you for the suggestion

    We don't know what the gift is. In theory, the gift could be an Amazon Echo device that is configured to "phone home". Would Osama bin Laden accept an unknown gift through general delivery? Not likely - and neither should you.

  • Many countries' postal systems have general delivery by which you can receive a package held at a post office for you to pick up, without having to give the sender an address. This might be an option for you.

    In order for anyone else to assess how risky the situation is, I think you need to elaborate more on your relationship with the sender and the favor you performed for them. The vague way you've stated it is a big red flag for scams, involvement in money laundering, etc. but it may be that you've just poorly stated the situation out of a wish for privacy. At the very least though you should mention (or at least reflect upon for yourself) whether you had any relationship with the person prior to their asking you for a favor and whether you expected to be compensated in any way for the favor.

    Short of renting a PO box at the post office, this is the best option, the disadvantage being that you will not receive notification of reception, you just have to check in with the post office until it gets there.

    @DrunkenCodeMonkey Depends on the country and system. For example Australia Post now offers a "Parcel Collect" option which is effectively a form of Poste Restante with notifications (when addressed with a customer number you sign up for). Check what your local postal services offer.

    @DrunkenCodeMonkey Agreeing with Bob. In Germany we also have the option to receive SMS or eMail notifications upon receiving mail which was delivered to a post office.

  • The whole favour thing--which they initiated--sounds rather like a setup aimed at getting your personal info. So I would recommend being very cautious here, and graciously declining their offer. Ask them to "pass it on" or "pay it forward" or something. The more they demand to get your info, the more suspicious you have a right to be.

    "Pay it forward" great advice. Just because I do a favour for a stranger, doesn't mean I now have to trust that stranger. It's called a confidence trick, not because I give the trickster my confidence, but because he gives me his. He asks me for a favour, to make *me* trust *him*.

    The OP could use customs complications and lack of familiarity with international mail as tactful reasons to prefer pay-it-forward to a physical gift.

  • Depending on the country you are in, your physical address is enough to do quite a lot of damage, or at least cause a huge amount of nuisance. Common examples:

    • An antagonist using your address to order delivery of unwanted, pay-on-delivery things (pizzas being the canonical example, but I've also been subject to Internet pranksters sending evangelicals to my home to try to convert me)
    • Being "doxed" and have your private information put online for stalkers/harassers to take advantage of
    • In the US, Swatting, which has resulted in deaths and significant property damage
    • Your address can also be used to socially-engineer others into e.g. giving up other identifying information, seizing domain names, or making you an unwitting part of a "lost delivery" or "brushing" scam

    So you are probably right to limit sharing your mailing address to people you don't know if you can trust with the information.

    As other answers have stated, you can minimize your exposure by using a PO box or similar; you may also be able to find mail hold-and-forward facilities that can handle individual pieces of mail or parcels (which usually charge by the piece of mail and whatever additional handling is necessary for the forwarding itself); this can be much more convenient to you than a PO box, as well as less costly overall since you don't need to rent it on a monthly basis.

  • Be careful about personal information. There was a crime in Austria reported some days ago, where people ordered stuff online to some strangers addresses and then redirected it through an app from the delivery service. Of course they never paid anything but the strangers got payment reminders.

    I've got a news article about this, but unfortunately only in german. (Try a translater): https://wien.orf.at/news/stories/2948455/

  • Just giving out the address is no problem, as long as you limit it to the address. Don't you have phone directories "white pages" or similar where you live?

    Think about it, hundreds of people probably have your home address. Of course, any of them could send you something illegal, immoral etc but as long as you act reasonably (E.g., you open an envelope and there is something that looks like drugs in, as long as you immediately call the police and you live in a reasonable country, nothing will happen to you. Rather, you will be greeted as some local hero if some local paper hears of the story.) there won't be any problems.

    Same goes for this situation.

    Downvoted because in my opinion (and as explained in other answers below) there are risks involved.

    Give three examples of where people have got into trouble after ONLY giving out their postal address and where sending this information to an outsider was the culprit.

    Read the answer of fluffy down below for some possible risks. I'd like to add postal fraud to that as seen in the answer that Lithilion gave, which is a common thing in the Netherlands to do for example.

    @d-b even if an address associated with a name itself were not in any way misusable by a motivated player, we still don't know what other information that person already has from other sources about OP, so handing out the address might only be one further puzzle piece they require to achieve their nefarious goals. Not saying there is anything nefarious going on though, to gauge that is ultimately up to OP.

    I live in 2018 so I haven't seen a "white pages" in at least a decade

    @KevinVoorn Give me your e-mail address and will send you my address, phone number, birth data and social security number. All this (as well as my taxed income, grades from school and university and a lot more data) are public here.

    @d-b I'd advise against that :-)

  • You could ask them to send it to a local post office or delivery centre, that way you can only give them a very approximate location of where you are, ie city or town.

    In the UK, you can do so as specified here: https://www.royalmail.com/personal/receiving-mail/choose-local-collect/

    Although I'm not sure on how specifically to do so in other countries, but it gives you an idea, and I'm sure there will be similar services offered in this way where you are.

  • In the UK, Belgium and Holland, most corner shops are part of one or more logistics networks, and hence drop-off points for senders; with many also pickup points. Often (via say Amazon.UK or Bol.com etc) you can choose them as destination from webshops. These same networks should fit in the chain that gets the package to you.

    It's a very reasonable idea to tell the sender: You'll be out at work (though I use my work address for such, which has a receptionist!) so would hate to miss the gift. So go to the cornershop where they know you by sight or name, ask if you can get it delivered in your name ["A.E. Neumann, C/O The Corner Shop, 12 High Street, Mummerset"] there. This doesn't unload the risk onto them, as its your name and their location so not relevant to any bank account or so.

    But consider they might find your real address even then. E.g., in the UK, I was surprised when googling my name for free it clearly hints my longterm partners (several addresses shared over time; precise up to city quarter if not paying for the data; a mixture of Electoral roll data before opting out, and other sources).

    I wouldn't judge this approach risky; in the real world there's thousands of instances where your details have been taken at a higher risk. I once got one UK parking fine (escalated over months of non-paying) while not owning a car, having no driving license, nor living (nor having lived) in the country; somebody had declared to the parking attendant that it was my car, and passed my details (collected from a B&B guest registration years before, in another country, because very very specifically misspelled)! Of course in ID-card-less UK there's no trace of the original declarant (I bet the then-owner), and I think no legal way for an individual like me to find the car owner's info from their numberplate. To get the bailiffs off eventually took months, hours of paperwork, various registered letters, and a statement from the DVLA (the UK "DMV") that I wasn't the owner.

    What does this add to the other 6 answers?

    You can find the registered keeper's name and address from DVLA provided you have "reasonable cause": https://www.gov.uk/government/publications/v888-request-by-an-individual-for-information-about-a-vehicle

    @MartinBonner Ah, I didn't know that! Probably has been the case since long; this was when Altavista still held sway, so it wasn't that obvious for us to find out from outside of the UK.

    @TomK. It adds that I describe a feasible way of avoiding the risk in the first place without exposing a neutral/friendly party (the Cornershop). Then I try to weigh the newly-taken risk --- it's still nonzero, so why not "don't do it!" as answer? --- with the background noise of fraud risk, using the parking fine example. My focus isn't on the particular case and whether to do/not do it; my focus is on once you've decided to do it, how to minimize the risk.

    @user3445853 Ah. Altervista. Yes. Right. a) The form would not have been on the government website (there *wasn't* a government website then); b) the rules may well have changed since then.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM

Tags used