Security

Snail mail thieves feed international identity theft rings say Oz cops

A little bit of social engineering, a little bit of lax physical security and a whole lot of pain

By Simon Sharwood, APAC Editor

13 SHARE

You may run security software, encrypt everything, protect your very complex passwords and use two-factor authentication for everything, but the humble mailbox and the snail mail it contains can still see your identity stolen.

So say Police in the Australian State of New South Wales, where Fraud and Cybercrime Squad detectives say they have “established direct links between international identity thieves and the large-scale theft of residential mail”.

Your correspondent has experience of this attack: friends noticed a bank statement envelope open in their letterbox and months later learned that parties unknown had used the information in the letter to socially engineer a bank call centre and establish a new user for an internet banking account. Months later, thousands of dollars disappeared*.

NSW Police say this kind of attack has now been industrialised, with folks called “boxers” wielding tools to pop simple locks and making organised raids on apartment buildings where the pickings are rich. The resulting haul of financial statements and bills are then sold to offshore criminals.

Police recommend applying your very own sturdy padlock to letter boxes as a deterrent, and suggest apartment buildings might care to point a CCTV camera in the direction of the problem. And if you take a holiday, ask a mate to clear your box before its bulge signals rich pickings. ®

* Happy ending: the bank 'fessed up to being fooled, returned the money and just about saved Christmas for my mates.

Sign up to our NewsletterGet IT in your inbox daily

13 Comments

More from The Register

FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'

Feds warn admins malware is rather tough to destroy

Symantec ends cheap Norton offer to NRA members

NRA calls it 'a shameful display of political and civic cowardice' and some users agree

Dr Symantec offers quick and painless checkup for VPNFilter menace on routers

Traffic-fiddling malware may have met its match

Russia to Apple: Kill Telegram crypto-chat – or the App Store gets it

We know you’re busy, Mr Cook, but please reply before we become … unpleasant

Symantec shares slump after revealing internal investigation

It's not a security problem, but full-year results will likely be late

Symantec offloads its certs and web security biz to DigiCert

Reports solid Q1 and makes spats with Google and Mozilla someone else's problem

Google, AWS IPs blocked by Russia in Telegram crackdown

Two million addresses down, 4.2 billion to go - oh, plus the IPv6 address space

Soyuz later! Russia may exit satellite launch biz

Is it worth competing with SpaceX prices?

Techies! Britain's defence secretary wants you – for cyber-sniping at Russia

Also wants journos to do gov info ops, but let's focus on sensible idea

Russia tweaks Telegram with tiny fine for decryption denial

FSB wanted keys, messaging outfit said Nyet