USPS Truck

Photo via Alexander Marks/Wikimedia

Criminals are using the U.S. Postal Service to steal customer’s identities

Maybe don't sign up for this service.

 

Nahila Bonfiglio

Tech

Posted on Nov 9, 2018   Updated on May 21, 2021, 2:01 am CDT

The Secret Service sent an internal memo this week alerting that packages tracked using the Informed Delivery program through the U.S. Postal Service can be used to steal someone’s identity.

The Informed Delivery program came under criticism last year by Brian Krebs of KrebsOnSecurity, who called it a “stalker’s dream,” and by Dave Leiber of the Dallas Morning News. Both writers correctly assumed that the program could easily be used to commit identity fraud.

Those who are signed up for the Informed Delivery program receive an email each morning with photos of their incoming mail. An internal alert sent on Nov. 6 by the Secret Service noted seven cases in Michigan in which credit cards were allegedly stolen from mailboxes, racking up a collective $400,000 in debt. All of the mailboxes belonged to people signed up with the USPS program.

A spokesperson for USPS told Leiber last week that “fraud cases are very low,”  but evidence shows the opposite is true. Leiber himself tested the theory, writing about opening an account in his stepmother’s name to see how easy it would be to track her information. It turned out to be very easy.

He answered four simple questions, some searchable and others that he guessed, and was approved. For nearly a week, he was able to track numerous letters, including statements and offers from credit card companies.

There aren’t many options for those hoping to opt out of the service. A permanent block on your address is the only assured way to avoid being a potential target, for which residents will need to contact eSAFE@usps.gov to ask to be excluded, according to the Dallas Morning News. Every member of your household will need to be excluded, otherwise a stranger could claim to be a resident. Responses from this account are not reliable, however, potentially leaving residents vulnerable.

KrebsOnSecurity noted another potential security gap. The addition of interactive advertisements into daily emails could easily be abused, particularly considering the ads are matched to residents based on their mail.

H/T KrebsOnSecurity

Share this article
*First Published: Nov 9, 2018, 2:52 pm CST