What is diversion theft?

Diversion theft is a social engineering tactic that tricks individuals or businesses into redirecting valuable goods or information to an unintended recipient. Originally an offline scam known as the "round the corner game," it has evolved into sophisticated cyber-enabled schemes that exploit trust and weaknesses in logistics and security systems.

As O’Reilly explains, diversion theft is a “con game” in which attackers deceive delivery and transport companies into believing their services are needed elsewhere. By deceiving companies, the scammers may be able to intercept shipments, sometimes posing as legitimate delivery agents. They may also deliver compromised products embedded with rootkits or spying hardware, ensuring their deception goes undetected long after the exchange.

 

How diversion theft works

Diversion theft can occur both offline and online, but the concept remains the same: intercepting a transaction and diverting it to an unauthorized party. This type of fraud threatens supply chains, businesses, and consumers alike, often resulting in substantial financial losses.

Offline, criminals pose as legitimate couriers or authority figures to deceive delivery personnel into rerouting shipments. They may use fake documentation, altered instructions, or even impersonate recipients to gain control of valuable goods. In one case, thieves in the UK intercepted high-value pharmaceuticals by masquerading as logistics company representatives, leading to losses worth millions. Criminals also exploit insider threats, bribing or coercing employees within logistics companies to facilitate unauthorized diversions. Additionally, some operations involve organized crime networks that systematically target high-value shipments, using stolen or cloned delivery vehicles to make their schemes more convincing.

Online, diversion theft is often executed through phishing attacks, where scammers impersonate trusted sources to manipulate users into disclosing tracking numbers or approving shipment redirections. Cybercriminals also deploy malware to infiltrate supply chain systems, gaining unauthorized access to logistics platforms and rerouting deliveries without detection. According to a 2023 report by the FBI’s Internet Crime Complaint Center (IC3), business email compromise (BEC) attacks, a form of social engineering that includes diversion theft, led to over $2.4 billion in reported losses globally. Cybercriminals also take advantage of vulnerabilities in third-party logistics providers, exploiting weak security protocols to alter shipping information. Some even use deepfake technology to create realistic voice or video messages that deceive employees into approving fraudulent shipment changes.


Diversion theft in healthcare: HHS warning

The FBI and the Department of Health and Human Services issued an advisory on June 24, warning that cybercriminals were using diversion theft schemes to steal payments from healthcare organizations. The advisory outlines mitigation strategies to help reduce the risk of these attacks. According to the agencies, threat actors frequently use phishing tactics to access employees' email accounts before pivoting to steal login credentials associated with reimbursement payments to insurance companies, Medicare, or similar entities. In some cases, cybercriminals employ social engineering tactics, calling an organization's IT help desk while posing as employees to request password resets, effectively diverting access to sensitive financial accounts.

The American Hospital Association (AHA) first became aware of this scheme in January, while HHS issued an advisory on similar threats in April.

“This alert underscores the ongoing and serious nature of these diversion theft and social engineering schemes, as the AHA continues to receive reports of similar incidents targeting IT and human resources help desks,” said John Riggi, AHA's national advisor for cybersecurity and risk. “Bad actors exploit stolen personally identifiable employee information to reset passwords and enroll new mobile devices, allowing them to intercept multi-factor authentication codes. In addition to following the recommended mitigations, healthcare organizations should consider conducting social engineering tests on help desk operations and implementing multi-person authentication for any modifications to organizational-level payment instructions.”

 

Examples of diversion theft

Brazil: High-end electronics syndicate

One of the most well-documented diversion theft cases involved a criminal syndicate in Brazil that specifically targeted high-end electronics. The criminals infiltrated logistics companies by placing insiders within the organizations or bribing employees to gain access to routing and tracking systems. Once inside, they manipulated delivery instructions, rerouting shipments to fraudulent destinations before they could reach their intended recipients.

Brazil has seen a rise in cargo theft, particularly in São Paulo and Rio de Janeiro, where hijackings and sophisticated supply chain manipulations are common. The National Association of Cargo Transport and Logistics (NTC&Logística) estimates that losses from cargo theft in Brazil exceed $1 billion annually, with electronic goods being a primary target.

 

Europe: Fashion and luxury goods targeted

In Europe, diversion theft has increasingly targeted high-value luxury goods. In 2019, a group of criminals infiltrated a major European logistics network and rerouted a shipment of Rolex and Omega watches valued at over €5 million. The perpetrators used stolen credentials and counterfeit waybills to redirect the shipment from its intended retailer to a private warehouse, where the watches were quickly moved to the underground market.

According to the Transported Asset Protection Association (TAPA), diversion theft in Europe has been rising due to vulnerabilities in digital logistics systems, with thieves exploiting weaknesses in tracking software and electronic documentation.

 

Why diversion theft is effective

Diversion theft exploits social engineering tactics, targeting human psychology rather than technical vulnerabilities. Attackers create a false sense of urgency and use perceived authority and deception to pressure victims into making quick decisions. The complexity of modern supply chains further enables these scams, as multiple third parties handle logistics and communication, increasing the likelihood of fraudulent instructions going unnoticed. Without clear verification protocols, employees may unintentionally authorize changes that redirect shipments into the wrong hands.

Verifying legitimate transactions in real-time presents another challenge. Many companies depend on automated systems and digital communication, which cybercriminals manipulate to introduce fraudulent changes. A mix of human error and technological blind spots makes identification and prevention of these schemes difficult. Limited oversight across multiple supply chain partners further complicates detection, allowing fraudulent activity to slip through unnoticed until it is too late. 


How to prevent diversion theft

According to EasyDMARC, preventing diversion theft requires a combination of vigilance, strict security protocols, and employee training. Organizations should enforce multi-step verification for shipment modifications, ensuring any changes receive approval from multiple authorized personnel before rerouting goods. Maintaining a clear chain of custody and using tamper-proof seals on shipments can further reduce the risk of unauthorized diversions.
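A minimal sketch of multi-person approval for shipment redirections, added here as an illustration and not taken from EasyDMARC or any logistics product. The `RerouteGate` class, the approver names and the shipment values are hypothetical; approvals are bound to a digest of the exact request, so a destination swapped in after sign-off carries no approvals.

```python
import hashlib

class RerouteGate:
    """Dual control for shipment redirections (hypothetical helper)."""

    def __init__(self, approvers, required=2):
        self.approvers = set(approvers)   # people allowed to sign off
        self.required = required          # distinct approvals needed
        self.pending = {}                 # request digest -> approver ids

    @staticmethod
    def digest(shipment_id, destination, requester):
        # Any change to shipment, destination or requester yields a new digest.
        data = "\x1f".join((shipment_id, destination, requester))
        return hashlib.sha256(data.encode()).hexdigest()

    def approve(self, shipment_id, destination, requester, approver):
        # Reject unknown approvers and requesters approving their own change.
        if approver not in self.approvers or approver == requester:
            return False
        key = self.digest(shipment_id, destination, requester)
        self.pending.setdefault(key, set()).add(approver)  # repeats count once
        return True

    def may_release(self, shipment_id, destination, requester):
        key = self.digest(shipment_id, destination, requester)
        return len(self.pending.get(key, ())) >= self.required

def demo():
    gate = RerouteGate({"ops_lead", "security_officer", "dispatcher"})
    req = ("SHP-1001", "Dock 4, Warehouse A", "dispatcher")  # constructed values
    out = {
        "self_approval": gate.approve(*req, approver="dispatcher"),
        "outsider": gate.approve(*req, approver="urgent_caller"),
        "first": gate.approve(*req, approver="ops_lead"),
        "repeat": gate.approve(*req, approver="ops_lead"),
    }
    out["after_one"] = gate.may_release(*req)
    gate.approve(*req, approver="security_officer")
    out["after_two"] = gate.may_release(*req)
    # Same shipment, different destination: earlier approvals do not carry over.
    out["swapped"] = gate.may_release("SHP-1001", "Unit 9, Private Storage", "dispatcher")
    return out

if __name__ == "__main__":
    print(demo())
```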

Cybersecurity awareness remains necessary, as phishing and social engineering tactics are common tools for attackers. Employees should be trained to identify suspicious requests, verify unusual communications, and report potential threats. Implementing AI-driven fraud detection systems helps monitor shipment patterns, flagging anomalies that may indicate fraudulent activity.

Physical security measures, such as background checks on logistics partners and strict identification procedures for couriers and recipients, add another layer of protection. Surveillance systems and real-time GPS tracking provide visibility into shipment movement, allowing for immediate intervention if a package is unexpectedly diverted. Strengthening these security measures helps businesses safeguard their supply chain and reduce the risk of diversion theft.


In the news

In January 2025, hackers pulled off a diversion theft at Ballari District Co-operative Central (BDCC) Bank, stealing $280,000 (Rs 2.34 crore) by tampering with the bank’s transaction system. Instead of breaking into accounts, they manipulated files during routine transfers, changing account numbers and codes while keeping the beneficiary names the same. This clever trick allowed them to redirect large sums into 25 fake accounts across different states without raising immediate suspicion.

The fraud went unnoticed for three days until customers reported missing funds. When the bank investigated, it found that transactions had been rerouted. The bank shut down its transfer services and filed a police complaint, leading to a cybercrime investigation. Authorities are now working to trace the fake accounts and recover the stolen money.

The case illustrates a growing problem: cybercriminals aren’t just hacking passwords anymore; they’re exploiting system loopholes. Financial institutions need stronger security, real-time monitoring, and stricter verification processes to stop these attacks. If banks don’t act fast, more money could be lost to similar scams.

For now, BDCC Bank has assured customers it’s taking steps to improve security. But this incident is a wake-up call for the entire banking sector as these attacks grow more prevalent.
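One way to catch the kind of tampering described above, where account numbers and codes change while beneficiary names stay the same, is to seal each transfer at approval time and re-verify the batch just before submission. This is an added example, not the bank's system or code from the original article; the field names, record layout and key handling are assumptions, and the sample records are constructed.

```python
import hashlib
import hmac

FIELDS = ("ref", "beneficiary", "account", "bank_code", "amount")

def seal(record, key):
    """HMAC-SHA256 over the payment fields, joined with an unambiguous separator."""
    msg = "\x1f".join(str(record[f]) for f in FIELDS).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def seal_batch(batch, key):
    """Run at approval time; store the result outside the file-transfer path."""
    return {r["ref"]: {"tag": seal(r, key), "approved": dict(r)} for r in batch}

def verify_batch(outgoing, manifest, key):
    """Run just before submission; returns (ref, finding, changed_fields) tuples."""
    findings, seen = [], set()
    for r in outgoing:
        seen.add(r["ref"])
        entry = manifest.get(r["ref"])
        if entry is None:
            findings.append((r["ref"], "not in approved batch", []))
        elif not hmac.compare_digest(seal(r, key), entry["tag"]):
            changed = [f for f in FIELDS if r[f] != entry["approved"][f]]
            rerouted = "beneficiary" not in changed and {"account", "bank_code"} & set(changed)
            kind = "routing changed, beneficiary name unchanged" if rerouted else "record modified"
            findings.append((r["ref"], kind, changed))
    for ref in sorted(manifest.keys() - seen):
        findings.append((ref, "approved transfer missing", []))
    return findings

def demo():
    key = b"constructed-demo-key"  # assumption: a real key lives in an HSM or secrets manager
    approved = [  # constructed sample data
        {"ref": "T1", "beneficiary": "Beneficiary One", "account": "1111000011",
         "bank_code": "BANK0001", "amount": 500000},
        {"ref": "T2", "beneficiary": "Beneficiary Two", "account": "2222000022",
         "bank_code": "BANK0002", "amount": 120000},
    ]
    manifest = seal_batch(approved, key)
    outgoing = [dict(r) for r in approved]
    outgoing[1].update(account="9999000099", bank_code="BANK0999")  # altered in transit
    outgoing.append({"ref": "T3", "beneficiary": "Unknown", "account": "3333000033",
                     "bank_code": "BANK0003", "amount": 1})  # injected record
    return verify_batch(outgoing, manifest, key)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```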

 

FAQs

How does diversion theft differ from traditional cargo theft?

Diversion theft relies on deception and social engineering to manipulate legitimate transactions, while traditional cargo theft often involves direct physical theft, such as hijacking trucks or breaking into warehouses.

 

What industries are most vulnerable to diversion theft?

Industries handling high-value goods, such as pharmaceuticals, electronics, luxury items, and financial services, are prime targets due to the attractiveness of their shipments and the complexity of their supply chains.

 

Can small businesses be targeted by diversion theft?

Yes, small businesses are often at risk because they may lack security protocols, making them easier targets for social engineering tactics and phishing attacks used in diversion theft.

 

What role does insider threat play in diversion theft?

Insiders, such as employees with access to shipment details or logistics systems, can facilitate diversion theft by leaking information, altering delivery instructions, or bypassing security measures.

 

How can businesses quickly detect a potential diversion theft attempt?

Unusual shipping requests, last-minute changes to delivery details, unverified sender communications, and discrepancies in tracking information are common red flags that businesses should investigate immediately.