Planning on swiping the package requires you to be local to the victim, and willing to assume a high level of risk and time - this is not often close to the truth. These people are often not even within the United State.
What you are describing exists but it would be far more likely that you would know them - and it’s a sloppy drunk family member/friend/coworker. They would not be in the game for long doing this.
Credit Card Numbers by themselves are technically worthless because you have no guarantee they aren’t just randomly generated.
Verified Credit Cards are worth significantly more on the black market. There is no reason to set off fraud detection by using a fake address. Those resellers do not want the goods - they want good credit card numbers.
Significantly less risk in reselling numbers compared to goods and no logistics, or fencing, to speak of.
For Dishwasher Tablets. This goes into way more depth than ya need but they skip a whole ass wash cycle - which is why there are 2 places for your soap in your dishwasher.
If it is for piracy - I have used Nord VPN for 6+ years now because it’s like 2 years for $100 and I am just fine. I have never received a letter, or an email about piracy.
As always check for a DNS leak and if possible setup a VPN kill switch (built-in Nord), or use Qbitorrent (my choice) which has its own kill switch.
If you want a VPN for more nefarious purposes I can’t, and wouldn’t help with that.