StaySecure360
Physical Security

Delivery Impersonation Risks in Workplaces

Fake couriers and delivery personnel are a proven social engineering tactic. Learn how attackers use delivery impersonation to gain physical access to secured premises.

Published 14 April 2026

Delivery Impersonation Risks in Workplaces

The rise of e-commerce has normalised a constant stream of delivery personnel entering workplaces. Attackers exploit this normalisation by posing as couriers, engineers, or maintenance staff to gain unchallenged access to secured areas.

Why It Is Effective

Reception staff and employees are conditioned to expect deliveries. A person carrying a parcel, wearing a high-visibility vest, or holding a clipboard triggers an automatic assumption of legitimacy. Challenging them feels disruptive and rude.

Common Scenarios

  • A fake courier delivers a parcel containing a rogue device (e.g., a modified USB charger with a built-in keylogger)
  • An attacker in a utility uniform claims to be there for a scheduled maintenance visit that was never booked
  • A "flower delivery" is used to access a floor that requires badge access, with a real employee holding the door

Protective Measures

1. Verify all deliveries: Cross-reference unexpected deliveries with purchasing or facilities teams before accepting.

2. Require ID: All external visitors, including couriers, should present identification.

3. Designated reception areas: Deliveries should never bypass the reception desk.

4. Pre-register expected visitors: Facilities teams should maintain a daily expected visitor log.

5. Train reception staff: Empower them to challenge and escalate, without fear of being seen as unhelpful.

Filed under

Physical Security

Protecting buildings, offices, and physical assets from unauthorised access, tailgating, and impersonation.

Related Articles