Snail mail thieves feed international identity theft rings say Oz cops
A little bit of social engineering, a little bit of lax physical security and a whole lot of pain
You may run security software, encrypt everything, protect your very complex passwords and use two-factor authentication for everything, but the humble mailbox and the snail mail it contains can still see your identity stolen.
So say Police in the Australian State of New South Wales, where Fraud and Cybercrime Squad detectives say they have “established direct links between international identity thieves and the large-scale theft of residential mail”.
Your correspondent has experience of this attack: friends noticed a bank statement envelope open in their letterbox and months later learned that parties unknown had used the information in the letter to socially engineer a bank call centre and establish a new user for an internet banking account. Months later, thousands of dollars disappeared*.
NSW Police say this kind of attack has now been industrialised, with folks called “boxers” wielding tools to pop simple locks and making organised raids on apartment buildings where the pickings are rich. The resulting haul of financial statements and bills are then sold to offshore criminals.
Police recommend applying your very own sturdy padlock to letter boxes as a deterrent, and suggest apartment buildings might care to point a CCTV camera in the direction of the problem. And if you take a holiday, ask a mate to clear your box before its bulge signals rich pickings. ®
* Happy ending: the bank 'fessed up to being fooled, returned the money and just about saved Christmas for my mates.
Sponsored: Becoming a Pragmatic Security Leader