While online data theft has gotten the lion’s share of the attention lately, snail mail information theft has had a recent resurgence. Thieves can find all sorts of interesting information in your utility and medical bills, insurance and financial statements, and credit offers. All the bad guys need is enough information to convince someone else that they are you. And your mail can contain a lot of very personal information.
But this would mean that someone would need to be surreptitiously digging in your mailbox all the time. How practical is that? Well, it turns out that it’s a lot easier than you think. In fact, it can be done from anywhere in the world. The US Postal Service has an online tool called Informed Delivery that will let you see scans of every piece of mail you’ve received – including the mail that is bound for your mailbox today. You have to set up a free account using your name, home address and an email address. And then you must verify your identity by answering four “knowledge-based authentication” questions. The answers to many of these questions could be answered using services like Lexus Nexis or from a credit report. (Remember the Equifax breach?).
The Early Bird Gets the Identity Theft
This can be a really handy service. You could use it to see if that important package or letter is arriving today. You can even look back over the last week to see if you somehow missed something that was supposed to have been delivered.
But if the bad guys successfully register for an Informed Delivery account in your name, they can use this service to know when to intercept letters containing information they can use to steal your identity, opening charge cards or loans in your name, and even accessing your health benefits. (Of course this info would also be a boon to a stalker.)
Plant Your Flag, Claim Your Turf
When confronted with this problem, the US Postal Service started sending confirmation letters to your home address, notifying you that someone has signed up to view your scanned mail. Though, of course, if I’m scanning your mail and have access to your mailbox, I could intercept that notice.