
While online data theft has gotten the lion’s share of the attention lately, snail mail information theft has had a recent resurgence. Thieves can find all sorts of interesting information in your utility and medical bills, insurance and financial statements, and credit offers. All the bad guys need is enough information to convince someone else that they are you. And your mail can contain a lot of very personal information.
But this would mean that someone would need to be surreptitiously digging in your mailbox all the time. How practical is that? Well, it turns out that it’s a lot easier than you think. In fact, it can be done from anywhere in the world. The US Postal Service has an online tool called Informed Delivery that will let you see scans of every piece of mail you’ve received – including the mail that is bound for your mailbox today. You have to set up a free account using your name, home address and an email address. And then you must verify your identity by answering four “knowledge-based authentication” questions. The answers to many of these questions could be answered using services like Lexus Nexis or from a credit report. (Remember the Equifax breach?).
The Early Bird Gets the Identity Theft
This can be a really handy service. You could use it to see if that important package or letter is arriving today. You can even look back over the last week to see if you somehow missed something that was supposed to have been delivered.
But if the bad guys successfully register for an Informed Delivery account in your name, they can use this service to know when to intercept letters containing information they can use to steal your identity, opening charge cards or loans in your name, and even accessing your health benefits. (Of course this info would also be a boon to a stalker.)
Plant Your Flag, Claim Your Turf
When confronted with this problem, the US Postal Service started sending confirmation letters to your home address, notifying you that someone has signed up to view your scanned mail. Though, of course, if I’m scanning your mail and have access to your mailbox, I could intercept that notice.
The primary way to safeguard against this situation is to beat the bad guys to the punch. Go ahead and register for the service now – even if you don’t intend to use it. Use a strong password and store it in a password manager.
And While You’re At It…
By the way, you should also do this for other governmental accounts like the IRS and Social Security Administration. Crooks have been using these online accounts to file fake tax returns claiming large refunds in your name. They have even rerouted social security checks. On the IRS site, you can set up a PIN code to prevent someone from submitting a fraudulent return.
You can also fight snail mail identity theft by signing up for online statements for financial, medical, insurance and governmental notices.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!