Snail mail thieves feed international identity theft rings say Oz cops

A little bit of social engineering, a little bit of lax physical security and a whole lot of pain

By Simon Sharwood


You may run security software, encrypt everything, protect your very complex passwords and use two-factor authentication for everything, but the humble mailbox and the snail mail it contains can still see your identity stolen.

So say Police in the Australian State of New South Wales, where Fraud and Cybercrime Squad detectives say they have “established direct links between international identity thieves and the large-scale theft of residential mail”.

Your correspondent has experience of this attack: friends noticed a bank statement envelope open in their letterbox and months later learned that parties unknown had used the information in the letter to socially engineer a bank call centre and establish a new user for an internet banking account. Months later, thousands of dollars disappeared*.

NSW Police say this kind of attack has now been industrialised, with folks called “boxers” wielding tools to pop simple locks and making organised raids on apartment buildings where the pickings are rich. The resulting haul of financial statements and bills are then sold to offshore criminals.

Police recommend applying your very own sturdy padlock to letter boxes as a deterrent, and suggest apartment buildings might care to point a CCTV camera in the direction of the problem. And if you take a holiday, ask a mate to clear your box before its bulge signals rich pickings. ®

* Happy ending: the bank 'fessed up to being fooled, returned the money and just about saved Christmas for my mates.

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Trump wants to work with Russia on infosec. Security experts: lol no

Thanks for Putin that out there

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security

Ignite Cloud lineup gets security overhaul with 2FA and new monitoring tools

FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'

Feds warn admins malware is rather tough to destroy

Aggregate this: NewsNow has spilt a bunch of 'encrypted' passwords

Updated But no one will take the trouble to decipher them, right?

Please tighten your passwords and assume the brace position, says plane-tracking site

Data breach at Flightradar24 scored some email addresses and hashed passwords

SuperProf gets schooled after assigning weak passwords to tutors

Updated 'Super' + 'user's first name' login is crackers, see me after – clients

Samba settings SNAFU lets any user change admin passwords

Patch or risk Revenge Of The Users

Bombshell discovery: When it comes to passwords, the smarter students have it figured

If by 'smart' you mean one who 'gets good grades'

Russia to Apple: Kill Telegram crypto-chat – or the App Store gets it

We know you’re busy, Mr Cook, but please reply before we become … unpleasant

Web analytics outfit Mixpanel slurped surfers' passwords

LIbrary update slip means it's time to reset the 'Days since last big breach' counter to Zero