• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » Government Cyber Security » Hack the Post Office – Your Personal Information Delivered Overnight

Hack the Post Office – Your Personal Information Delivered Overnight

2018-11-14 by Michelle Dvorak

USPS Informed Delivery Fraud

Identity Thieves Target USPS Mail Scanning Service

USPS Informed Delivery Welcome
USPS Informed Delivery Welcome

The U.S. Secret Service issued an internal warning stating multiple field offices reported that the new United States Postal Service (USPS) Informed Delivery service is being used to commit credit card fraud scams and identity theft. Mail customers who sign up for the service may view images of their postal mail and track incoming packages online in the USPS app. Hackers are redirecting scanned mail notifications away from the legitimate owners, to themselves in order to intercept new credit card accounts and other banking information, according to a Krebs on Security post.

The USPS introduced the new service, known as Informed Delivery, sends residential mail recipients notifications to let them know what snail mail is on the way to their homes. With the service, mail recipients can preview their mail online from anywhere in the world. The service rolled out to a limited area in 2014. It expanded in 2017 making it a more desirable target for hackers.

USPS-Informed-Delivery-Signup
USPS Informed Delivery Signup

How do scammers hack the USPS Informed Delivery mail preview service? Identity thieves sign up random people’s home addresses for Informed Delivery. Names and addresses are available from public records like voting rosters, real estate information, and telephone directories. Yes those big fat phone books still exist! Just last weekend, we had a phone book dropped off on the front doorstep. After regarding it and laughing at how important those phonebook listings once we, we promptly escorted it into the recycling bin without ever taking it out of its wrapper.

Back to the ID theft. When you sign up for Informed Delivery, you can choose to have a postcard mailed to your house with a verification code or you can verify your identity online. Of course, hackers go with the online verification otherwise they’d have to be at your house to intercept the mail. I chose to verify my identity online.

I was asked four super simple questions that obviously came from real estate records. Identity thieves are able to pass the security verification questions with information found on social media and from easily accessible records. One of the services used to verify USPS customer identity is sourced from Equifax. You know Equifax, right? The credit bureau was hacked earlier this year. The private information of over 145 million US customers and 700,000 UK customers was stolen. One Equifax manger was already Convicted of Insider Trading. The then Equifax CEO Richard Smith appeared before Congress. The insider trading case against Former Equifax CIO Jun Ying is not yet decided.

Is this ID verification process secure? No. To help with security and fraud issues, the USPS added more security to their Informed Delivery service. As of February 16, the Postal Service notifies households by snail mail whenever anyone using that address signs up to receive these scanned notifications. Using their wholly owned delivery system makes more sense than asking a few online questions just about anyone can answer with a little Googling. However, even with the snail mail confirmation and online interrogation, there are still security issues. Hackers still have a window of a few days from signing victims up for email scanning until the notification is delivered to scam whatever comes to them via the notification service.

USPS-Informed-Delivery-Success
USPS-Informed-Delivery-Success

What is the Postal Service’s USPS Informed Delivery program?

The United States Postal Service’s Informed Delivery service allows users to preview their mail and manage packages scheduled for delivery. (Because well know how useful USPS package tracking is!) Informed Delivery sends users black-and-white images of the exterior, address side of letter-sized mail. USPS Informed Delivery service currently has 13 million users

Images are only provided for letter-sized mail that are processed by automated mail handling equipment. With Informed Delivery, residential mail customers can preview incoming mail thought their online account, schedule re-delivery, and track Packages. This service is not available for businesses. The feature is provided for free and is a great service for those who travel frequently as long as thier identities have not been scammed :(.

According to a Fast Company post, a USPS spokesman sent the following statement:
“Unfortunately, in very few cases, an individual’s identity has already been compromised by a criminal who then has used it to set up an Informed Delivery account.”

Filed Under: Government Cyber Security Tagged With: Informed Delivery, USPS

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version