Security

Snail mail thieves feed international identity theft rings say Oz cops

A little bit of social engineering, a little bit of lax physical security and a whole lot of pain

By Simon Sharwood

13 SHARE

You may run security software, encrypt everything, protect your very complex passwords and use two-factor authentication for everything, but the humble mailbox and the snail mail it contains can still see your identity stolen.

So say Police in the Australian State of New South Wales, where Fraud and Cybercrime Squad detectives say they have “established direct links between international identity thieves and the large-scale theft of residential mail”.

Your correspondent has experience of this attack: friends noticed a bank statement envelope open in their letterbox and months later learned that parties unknown had used the information in the letter to socially engineer a bank call centre and establish a new user for an internet banking account. Months later, thousands of dollars disappeared*.

NSW Police say this kind of attack has now been industrialised, with folks called “boxers” wielding tools to pop simple locks and making organised raids on apartment buildings where the pickings are rich. The resulting haul of financial statements and bills are then sold to offshore criminals.

Police recommend applying your very own sturdy padlock to letter boxes as a deterrent, and suggest apartment buildings might care to point a CCTV camera in the direction of the problem. And if you take a holiday, ask a mate to clear your box before its bulge signals rich pickings. ®

* Happy ending: the bank 'fessed up to being fooled, returned the money and just about saved Christmas for my mates.

Sign up to our NewsletterGet IT in your inbox daily

13 Comments

More from The Register

Trump wants to work with Russia on infosec. Security experts: lol no

Thanks for Putin that out there

Privacy, security fears about ID cards? UK.gov's digital bod has one simple solution: 'Get over it'

Yeah, how about you work for us...

UK spam-texting tax consultancy slapped with £200k fine

Generic privacy policies won't get you valid consent, says ICO

FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'

Feds warn admins malware is rather tough to destroy

Bloke gets six months for fixing up Russia's US election trolls with bank accounts, fake identities

Pinedo avoids serious time after spilling beans to Mueller on account sales

Czech yourself, Russia! Prague says its foreign ministry was hacked for more than a year

Report claims that from 2016-2017 the FSB was reading agency's emails

France: Let's make the internet safer. America, Russia, China: Let's go with 'no' on that

Big names missing from 'Paris Call for Trust and Security in Cyberspace'

Russia to Apple: Kill Telegram crypto-chat – or the App Store gets it

We know you’re busy, Mr Cook, but please reply before we become … unpleasant

Google, AWS IPs blocked by Russia in Telegram crackdown

Two million addresses down, 4.2 billion to go - oh, plus the IPv6 address space

Soyuz later! Russia may exit satellite launch biz

Is it worth competing with SpaceX prices?