Fergal Parkinson
Published on: November 3, 2025
It began with a seemingly innocuous and everyday event – the delivery of a parcel to a domestic address in South London.
The name on the parcel – which appeared to contain branded materials from fast food transport giant Deliveroo – was unknown to the woman who lived in the house it was sent to. So she shared it on the street’s WhatsApp group, saying: “Does anyone recognise this name?”
No one did. But the next day one of those neighbours also received an identical parcel – and then another did, and another.
In total some six residents had been sent what, on closer examination, turned out to be starter kits for newly registered Deliveroo drivers. These were all addressed to names that are common in Eritrea and northern Ethiopia – but relatively unusual in this corner of London.
They were mystified – and not a little concerned.
One resident, Lizzie, recalled getting hers: “I opened it, and it was this starter pack. It had a waterproof top, another top, a big Deliveroo bag and a phone-holder of some sort. It just seemed very, very strange, which is why I thought there’s some kind of scam going on.”
What happened next convinced her there was indeed.
And that was a final demand from Thames Water for over £400 – and, again, it was sent to her home but addressed to someone she’s never heard of, this time with what appeared to be a Romanian name.
Calling Thames Water only deepened her sense of being targeted by dark actors: her account had been closed down and that Romanian man was now registered as living in her house.
Again, WhatsApp chat saw her discover that this had happened to at least one other neighbour too.
Both companies, Deliveroo and Thames Water, told the BBC’s You and Yours programme, which first reported the story, that they were investigating.
Lizzie and her neighbours believe their addresses were being used by drivers not qualified to work for Deliveroo – perhaps because they have criminal convictions or their immigration status doesn’t allow them to work – to bypass company checks. They suspect the connection with Thames Water is because the riders wanted a utility bill as proof of address to pass those checks.
Both companies, though, have played down the likelihood of this. So we may never know exactly what happened – who did it or why.
But the case is interesting nevertheless as an illustration of just how easy it can be for criminals to hijack someone else’s identity.
How could it have happened?
Both companies suggest their security protocols are usually robust.
But the missing factor in all this is the mobile phone numbers used in interactions with the two companies do not appear to have been properly scrutinised beyond a basic OTP check. Because had either company run checks on those they would almost certainly have flagged discrepancies:
The live and historic data associated with a phone number gives a unique and surprisingly extensive insight into the user and allows the assessment of risk and highlights red flags – in an instant.
In 2024 I wrote about a similar case in the US – that of the so-called ‘Queen of the Rideshare Mafia’, a Brazilian woman who made hundreds of thousands of dollars by allowing migrants with no working visa to work in the US gig economy for firms including Uber Eats
Now we can see what appears to be similar stuff is happening on this side of the Atlantic.
Account hijack is a real and growing problem. And in certain contexts it remains disturbingly easy to do.
And that’s scary because once someone has managed to take over one strand of your commercial identity it makes it much easier for them to take over other strands – and to start taking your money too.
Last updated on November 3, 2025
Discover how mobile number intelligence can expose hidden risks, flag suspicious activity, and protect identities in real time.
Learn how we help prevent account hijacking"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
