Previous occupier fraud happens when someone moves out of a property and the new occupant, or anyone with access to it, uses personal details from post arriving for the former tenant to commit identity fraud. It accounts for nearly one in ten identity fraud cases in the UK. Private renters and HMO tenants face a disproportionately high risk because they move more frequently, share letterboxes with others, and often delay updating their address with their providers.
Key Takeaways
- Previous occupier fraud accounts for 9.2% of all identity fraud in the UK, according to Cifas.
- HMO tenants are most at risk because they move frequently and share communal letterboxes with others.
- Being a victim can damage your credit file for years, block mortgage and rental applications, and cost hundreds of hours to resolve.
- The cost of resolving identity fraud far exceeds the cost of a change of address notification service.
- Moveinout lets you notify over 9,000 organisations from a single platform, closing the fraud window on moving day.
What is previous occupier fraud?
When you move home, your personal post does not automatically stop arriving at your old address. Bank statements, HMRC letters, DVLA correspondence, credit card documents, NHS appointment letters, all of it continues going to your old address until you update your details with each service provider. That window between your move and your address updates being processed is when previous occupier fraud can occur.
A fraudster, or simply a dishonest new occupant, who has access to that post can gather enough personal information from it to impersonate you. Your name, current address, date of birth, National Insurance number, account numbers and sort codes can all appear in standard correspondence from banks, government departments and utility companies. With that combination of details, a fraudster can apply for credit cards, loans or phone contracts in your name, redirect your existing accounts, or sell your identity to criminal networks.
You may not discover the fraud for weeks or months. By the time it surfaces on a credit check or through a debt collection letter, the damage is already done and unpicking it takes significant time and effort.
How big is the problem in 2026?
Identity fraud is growing at pace. Cifas recorded a 6% increase in total fraud cases in 2025 on top of record figures in 2024. Criminals are increasingly using AI to build convincing false identities at scale and speed. The personal details that arrive in ordinary post, such as a bank statement, an HMRC letter or a utility bill, remain the raw material for this kind of fraud.
What makes previous occupier fraud particularly damaging is that victims often have no idea it has happened until it affects them directly: a declined mortgage application, a credit card they never applied for, or a letter from a debt collector for a loan they never took out.
Why HMO and private renters face the highest risk
Previous occupier fraud is a risk for anyone who moves home. But private renters, and HMO tenants in particular, face a significantly elevated version of it for reasons specific to how shared housing works.
Frequent moves
Royal Mail research found that people in the UK move on average every 18 months. For HMO tenants, that figure is often lower. Students move annually at the end of the academic year. Young professionals in major cities move every 12 to 18 months as jobs, relationships and finances change. Each move creates a fresh window of exposure. An HMO tenant who has lived in three different properties over four years has had three separate periods during which their post may have been arriving at an address they no longer occupied.
Shared communal letterboxes
In a house-share or HMO, post typically arrives in a shared communal area such as a hallway shelf, a communal table or a letter rack by the front door. This post is accessible to every person in the property. In an HMO with four or five rooms, that means multiple individuals, some of whom a former tenant may never have met, have physical access to their correspondence.
High turnover creates confusion
HMOs have high tenant turnover by nature. When a room is vacated and re-let, the new occupant arrives at a property that may still have post accumulating for two or three previous tenants. In busy HMOs near universities or city centres, a single address can see a dozen different tenants come and go over a few years, each potentially leaving a trail of misdirected post behind them.
Delayed address updates
Research shows that 23% of home movers take at least two weeks to update their address with key organisations. One in five people forget to tell their bank. For renters moving under time pressure, end of tenancy, a last-minute property change, that delay is even more common. Two weeks of bank statements and HMRC letters arriving at a shared HMO address is two weeks of fraud exposure.
Around three million people in the UK currently live in shared housing, according to the COHO Future of HMOs 2025 report. That is three million people whose address-update habits directly determine their exposure to previous occupier fraud, and many of them do not realise how significant that exposure is.
How previous occupier fraud actually happens
The fraud typically begins with access. A new tenant arrives at a property and finds post for one or more previous occupants already waiting. It might be a bank statement, a letter from HMRC, a credit card statement, or correspondence from the DVLA. In most cases, the new tenant returns the post or ignores it. But in a fraction of cases, someone either deliberately opens it or notes the information visible through an envelope window.
That information, including a name, address and partial account number, is then combined with other data, often obtained from data breaches, social media, or purchased on criminal forums, to build a more complete identity profile. With a full profile, a fraudster can apply for credit in the victim's name, typically targeting products with quick online approval processes where identity checks are less thorough.
It is worth being specific about what information appears in ordinary post and what a fraudster can do with it:
- Bank statements: Full name, sort code, account number, recent transactions. Enough to attempt account takeover or to answer security questions for phone-based banking.
- HMRC letters: Full name, address, National Insurance number, and tax reference. The NI number is particularly valuable and is used as an identifier across government and financial services.
- DVLA correspondence: Name, address, date of birth, and driving licence number. Sufficient to apply for credit using a driving licence as ID verification.
- Credit card statements: Name, address, partial card number, and spending patterns. Enough to attempt social engineering attacks on card providers.
- Utility bills: Name, address, and account number. Commonly used to verify identity alongside other documents.
- NHS letters: Name, address, date of birth, and NHS number. Can be used as supporting ID in applications that accept healthcare correspondence.
The real consequences of being a victim
Previous occupier fraud is not a minor inconvenience. The consequences of identity fraud ripple through a victim's financial life for months or years after the initial fraud occurs. Understanding what is at stake makes clear why prevention is so much more valuable than recovery.
Direct financial loss
The most immediate consequence is money taken in your name. A fraudster who successfully opens a credit card or personal loan in your name runs up debt that initially appears on your credit file as your own. While banks have processes for investigating and writing off fraudulent debt, the resolution is not instant and not guaranteed. The Home Office estimates total fraud losses against individuals in England and Wales at £9.2 billion for 2023 to 2024, with identity fraud the single largest contributor. Not all of that is recovered. In cases of identity fraud specifically, a meaningful portion of losses falls on victims who cannot prove they did not make the application.
Credit file damage that blocks major life decisions
This is where previous occupier fraud causes the most lasting harm. When a fraudster makes a credit application in your name, the lender carries out a hard search on your credit file. That search remains visible to every other lender for 12 months and causes your credit score to drop, even if the application is eventually rejected or flagged as fraudulent.
If a fraudulent account is opened in your name and goes into arrears or default before you discover it, the damage is far more severe. A default can remain on your credit file for six years. During that period:
- Mortgage applications are likely to be declined or offered at significantly higher rates
- Rental applications can be rejected by letting agents who run credit checks
- Car finance applications may fail
- Opening new bank accounts may be difficult
- Mobile phone contracts may require large deposits or be declined entirely
For an HMO tenant hoping to eventually rent their own flat or apply for a mortgage, a fraudulent default caused by a previous occupier incident can derail those plans for years. The fraud happened because someone found your post. The consequences follow you long after you have moved on.
Hundreds of hours of your time
Resolving identity fraud is time-consuming, stressful, and often requires chasing multiple organisations simultaneously. The typical resolution process involves: reporting to Action Fraud and obtaining a crime reference number; contacting each affected lender individually; disputing entries with Experian, Equifax and TransUnion separately; potentially involving a solicitor if fraudulent accounts are significant; and registering with Cifas for Protective Registration to prevent further fraud.
Research from the United States, where fraud resolution data is better documented, finds that identity fraud victims spend an average of 200 hours resolving their case. UK victims face a broadly similar process. Two hundred hours is five full working weeks. That is time taken away from work, family and everything else.
Emotional and psychological impact
Beyond the financial and administrative consequences, being the victim of fraud carries a significant emotional toll. Cifas and UK Finance both note that fraud victims frequently report feelings of violation, anxiety about their financial security, and lasting distrust of financial institutions. In more serious cases where large sums are involved or where resolution takes years, the psychological impact can be substantial.
Risk of escalation
Identity fraud does not always stop at one fraudulent credit application. A fraudster who has successfully built a profile using your details may sell that profile to criminal networks, meaning your information circulates among multiple fraud operations. Victims have found themselves dealing with fraudulent accounts appearing across different lenders over a period of months or years, each new discovery reopening the resolution process.
The worst case: One individual documented by Equifax UK became liable for £164,000 of debt after their passport was stolen and used to set up bogus companies that ran up debts with German tax authorities. While this is an extreme example, it illustrates that previous occupier fraud using more basic personal details from post can have consequences that are far harder to contain than many people assume.
The cost of fraud vs the cost of prevention
The comparison between the cost of being a fraud victim and the cost of protecting yourself is one of the starkest in personal finance. Very few other risks in everyday life have such a large gap between the cost of the problem and the cost of avoiding it.
| Item | Cost of being a fraud victim | Cost of preventing it |
|---|---|---|
| Direct financial loss | Potentially thousands of pounds in fraudulent debt | Nothing. Prevention eliminates this risk entirely. |
| Time to resolve | Up to 200 hours across multiple agencies and lenders | 20 to 30 minutes to update your address with Moveinout |
| Credit file impact | Hard searches and potential defaults lasting up to 6 years | No impact |
| Mortgage/rental applications | Likely declined or significantly delayed for years | No impact |
| Royal Mail Redirection | Still required even after fraud occurs | From £45 for 3 months as a safety net |
| Cifas Protective Registration | £30 required to prevent further fraud after being a victim | £30 as a precaution. Optional but recommended. |
| Solicitor/legal costs | Potentially needed for serious cases. Hundreds to thousands of pounds. | None |
| Emotional stress | Significant. Ongoing anxiety, distrust, and lasting psychological impact. | Minimal. Around 20 minutes of admin on moving day. |
The point is not that a change of address service makes you immune to all fraud. It is that the specific fraud type this blog is about, previous occupier fraud driven by post arriving at a previous address, is almost entirely within your control to prevent. The post stops arriving at your old address when you update your address with the organisations sending it. That is the entire mechanism of the fraud, and updating your address removes it.
The cost of not doing so is vastly disproportionate to the cost of doing it. A few minutes and a small amount of money spent on moving day can prevent years of credit file damage, hundreds of hours of resolution time, and potentially thousands of pounds of fraudulent debt.
How to protect yourself when you move
This is the most effective thing you can do. The sooner your providers have your new address, the sooner post stops arriving at your old property. Use a change of address service to do this quickly across all providers at once.
Running Royal Mail Redirection for 12 months catches post from any provider you have not yet updated, forwarding it to your new address rather than leaving it at the old property. It is not a permanent fix, but it is a valuable safety net during the transition period.
The Mailing Preference Service removes your name from most direct marketing mailing lists, reducing the volume of promotional post arriving at your old address after you have moved.
Cifas Protective Registration adds a marker to your name on the National Fraud Database for two years. Any organisation running a credit or identity check sees the marker and carries out additional verification before approving any application in your name. It costs £30 and is worth considering for anyone who has lived in an HMO or shared property.
Check your credit file with Experian, Equifax or TransUnion after every move. If a fraudulent application has been made in your name, it typically appears on your credit file before you discover it any other way. Most credit reference agencies offer free basic checks.
How Moveinout closes the fraud window
The fraud window is the period between moving day and the last organisation updating their records with your new address. Every day that window is open, your personal post is arriving at an address you no longer control.
For most people who update their address manually, calling their bank, writing to HMRC, logging into each provider's website separately, that window stretches to weeks or months. Research shows 23% of home movers take at least two weeks to start notifying companies, and many never complete the full list.
Moveinout closes that window on moving day. It is an online change of address service covering over 9,000 UK organisations across 24 categories, from banks and government departments to your GP, dentist, optician, vet, school and private pension provider. You enter your details once, select who needs to know, and Moveinout dispatches notifications to every provider on your behalf. A dashboard shows which organisations have been notified so you can keep track and make sure nothing has been missed.
For HMO tenants who move frequently, using Moveinout on every move means the fraud window is consistently minimised, not just on one move, but on every move throughout the years spent in shared housing. When you consider the potential cost of a single fraud incident against the time it takes to use Moveinout, the case for doing it on every move is straightforward.
Close the fraud window on moving day.
Moveinout notifies over 9,000 organisations on your behalf, including banks, government departments, your GP and your council, all from one process in minutes.
Update my address with Moveinout →No queues. No paperwork. One platform.
What to do with post arriving for a previous occupier
If you move into a property and find post arriving for the previous tenant, handle it carefully.
What to do
- Write "Not at this address, return to sender" clearly on the unopened envelope
- Put it back in the post. Royal Mail will return it to the sender.
- If it keeps happening, report persistent misdirected post to Royal Mail so they can note the address
- Return financial and government correspondence promptly rather than leaving it in a communal area
What not to do
- Do not open post addressed to someone else. This is illegal under the Postal Services Act 2000.
- Do not attempt to contact the previous occupant's bank or other providers on their behalf
- Do not dispose of post without shredding it. Personal details on envelopes and inside letters can be retrieved from recycling.
- Do not leave post from a previous occupant accumulating in a communal area where multiple people have access
Quick summary: protecting yourself from previous occupier fraud
- Previous occupier fraud accounts for 9.2% of all UK identity fraud and is driven entirely by misdirected post arriving at former addresses
- HMO and private renters face the highest risk because of frequent moves, shared letterboxes, and high tenant turnover
- Being a victim can damage your credit file for up to six years, block mortgage and rental applications, and take up to 200 hours to resolve
- The cost of prevention is a fraction of the cost of recovery: a few minutes on moving day versus potentially years of credit file damage
- Moveinout covers 9,000+ organisations across 24 categories. Update everyone in one online process on moving day.
- Run Royal Mail Redirection alongside Moveinout for maximum post coverage during the transition period
- Consider Cifas Protective Registration at £30 for two years, particularly worthwhile for frequent movers and HMO tenants
- Monitor your credit file after every move to catch any fraudulent activity quickly
Frequently Asked Questions
The most common questions about previous occupier fraud and how to protect yourself when moving home.
Previous occupier fraud happens when someone moves out of a property and the new occupant, or someone else with access to it, uses personal details from post arriving for the former tenant to commit identity fraud. They may use that information to apply for loans, credit cards or other financial products in the victim's name. It accounts for 9.2% of all identity fraud in the UK, according to Cifas.
The Home Office estimates total fraud losses against individuals in England and Wales at £9.2 billion for 2023 to 2024, with identity fraud the single largest contributor. Beyond direct financial loss, victims typically spend weeks or months, in some cases up to 200 hours, resolving fraudulent accounts, disputing credit file entries, and dealing with debt collectors for borrowing they never made. Credit file damage from fraudulent defaults can last up to six years and block mortgage and rental applications throughout that time.
Previous occupier fraud accounts for 9.2% of all identity fraud in the UK. Over 444,000 fraud cases were recorded to the National Fraud Database in 2025, the highest number ever recorded, with identity fraud making up 54% of all filings. Cifas described the rise as one of the sharpest annual increases ever observed.
Hard searches from fraudulent credit applications remain on your credit file for 12 months, causing an immediate dip in your score. If a fraudulent account is opened and goes into default before you discover the fraud, the default can remain on your file for six years. During that period, mortgage applications, rental applications, and car finance applications may all be declined or offered on worse terms.
HMO tenants move more frequently than homeowners, often every 12 months or less. Post in HMOs typically arrives in a communal area accessible to all housemates and strangers. When a tenant moves out without updating their address, their post continues arriving at the shared letterbox where anyone in the property can access it. With around three million people in the UK living in shared housing, this is a widespread and underappreciated risk.
The most effective protection is updating your address with every organisation that holds your details on or immediately after moving day. Moveinout lets you notify over 9,000 organisations in one online process, closing the fraud window as quickly as possible. You can also set up Royal Mail Redirection as a short-term safety net, register with the Mailing Preference Service to reduce promotional post, consider Cifas Protective Registration, and monitor your credit file regularly after each move.
Royal Mail Redirection reduces the risk by catching post sent to your old address and forwarding it to you. But it does not update your address with the organisations sending post, so once the redirection expires, your post goes back to your old address. The most effective protection is combining Royal Mail Redirection with a change of address notification service, which updates your records permanently at the source.
Cifas Protective Registration adds a warning marker to your name on the National Fraud Database for two years. When any organisation runs a search on your name, they see the marker and carry out additional verification checks before approving any application. It costs £30 and is particularly worth considering for anyone who moves frequently or has lived in shared housing where their post may have been accessible to others.
Write "Not at this address, return to sender" on the unopened envelope and put it back in the post. Do not open it, opening post addressed to someone else is illegal under the Postal Services Act 2000. Do not leave it sitting in a communal area. If post keeps arriving for a previous occupant, report it to Royal Mail. Do not dispose of it without shredding, as personal details can be retrieved from recycling.
As soon as possible after moving day. Every day your address is not updated is a day your personal post is arriving at an address you no longer control. Using Moveinout on moving day lets you notify over 9,000 organisations in one process, closing the fraud window immediately and minimising the time during which your correspondence is at risk.
Move safely. Update your address on moving day.
Moveinout notifies over 9,000 UK organisations on your behalf: banks, government departments, your GP, your council, your utilities and more. Close the fraud window the moment you move.
Get started with Moveinout →No queues. No paperwork. Notifications dispatched on your behalf.
