It sounds like an awesome service – especially in the coronavirus era.
Under its “Informed Delivery” program, the U.S. Postal Service e-mails residential customers daily photographs of the front exterior of their incoming mail. The idea is to give you a heads up about what you’re going to receive in the mailbox that day. That way, if you have to hike to your mailbox in the lobby of your apartment complex or around the corner in your subdivision, you can decide if it’s worth the trip or if it can wait.
For any busy person, that sounds like a pretty good deal. And in this season of social distancing, when we’re all trying to stay indoors and away from other people as much as possible, Informed Delivery might appear particularly enticing.
Don’t be suckered in! Informed Delivery could potentially make you vulnerable to identity theft.
It's all about the information
As we’ve discussed a lot on this blog, identity thieves traffic in information – that’s how they make their mischief. Without information, they can’t cause havoc. So, the best way to protect yourself is to eliminate needless information sources that criminals can hijack for their own nefarious purposes.
Today, when we think of identity theft, we think of hackers slipping into databases to steal people’s personal information. But, keep in mind, criminals don’t need digital information in order to steal your identity. They just need information. And information can come from anywhere.
In fact, one low-tech strategy identity thieves often use to steal a person’s information is by rifling through their trash or peaking into their mailboxes, to see who they’re getting mail from.
You can see where I’m going with this, right? USPS’ Informed Delivery service creates a whole new avenue for identity thieves to steal a person’s information.
E-mail is not a secure way to communicate sensitive information.
There’s a reason your CPA advises you not to send your Social Security Number via e-mail. E-mail, like text messages, is not secure. It’s easy to hack and intercept.
That’s the danger of Informed Delivery. If a hacker can get access to your e-mail, he or she can view the exterior of every piece of mail you receive – daily. With that information, an identity thief can learn all kinds of things about you: Where you bank, what credit cards you have, the name and address of where you work.
It’s endless, and it’s an endless stream of information for the bad guys.
In fact, Informed Delivery makes identity theft easier. Under normal circumstances, thieves would have to wait out in the cold to check the contents of your mailbox. With Informed Delivery and a little computer hacking, they can monitor your correspondence from the comfort of their own home.
And don’t think I’m just being paranoid here. As far back as 2017, journalist Brian Krebs on the Krebs on Security blog warned that Informed Delivery could be attractive to identity thieves. Later, he reported that no less than the U.S. Secret Service had sent an internal alert to its law enforcement partners warning that criminals were using Informed Delivery to steal identities.
The Secret Service’s internal alert referenced a case in Michigan in which thieves used Informed Delivery “to identify and intercept mail, and to further their identity theft fraud schemes.” In other words, this isn’t just a problem in theory. Identity thieves know about Informed Delivery and have used it to commit crimes.
The Dallas Morning News’ Dave Lieber has also sounded the alarm over the Informed Delivery program. The national CBS News network and KMTV Channel 3 News in Omaha, Nebraska, among other news outlets and blogs, have reported on the dangers of the program, too.
Don't do it.
A couple of caveats. USPS does deserve some credit. It eventually recognized that Informed Delivery could be used for identity theft. Part of the sign-up process now involves the agency confirming the identity of new subscribers. It’s encouraging whenever government agencies acknowledge identity theft dangers. (As I’ve found out the hard way, too often they don’t.)
Also encouraging: USPS offers an Informed Delivery option in which you don’t receive e-mails, but rather have to login to the USPS website to view the photographs of your mail. That’s a better choice, but still not great, as a hacker could, in theory, steal your login information and get access to your online dashboard.
And just to be clear, Informed Delivery is not available for business clients – only residential ones, and some post office boxes. So, it’s not like Informed Delivery can directly endanger businesses.
But, then again, I know a lot of businesspeople who receive all or some of their business correspondence at their homes. If they subscribe to Informed Delivery, they could be endangering their businesses and not even know it.
Yes, Informed Delivery is a cool-sounding idea, especially now that as we’re all social distancing in the time of the coronavirus. But in this day and age, when cybercriminals are peering into every nook and cranny for people’s personal information, it’s just far, far too risky.
My recommendation: Don’t sign up!
Company Alarm is dedicated to helping business owners protect what they have worked so hard to build. Our monitoring software is designed to prevent cybercriminals from exploiting loopholes to hijack your company and assets. To sign up for this low-cost, value-added protection, click here.