The United State Postal Service (USPS) launched a program called “Informed Delivery” with the goal to assist consumers in protecting themselves from identity theft. The program allows consumers to register an account on usps.gov which allows one to view scanned images of all of their incoming mail for free.
However, it is being reported that the Secret Service issued an internal alert to its field offices that the delivery service is being used by criminals to commit identity theft and credit card fraud on the very residents who are trying to protect their identity.
Apparently the criminals are signing residents up for the service, providing their own email address to get the scans, and then opening up new credit cards in the residents’ names, and pulling them out of the mailbox before the resident can retrieve the mail. The resident never knows that the credit card was opened or that it was stolen from their mailbox.
The problem, outlined by KrebsonSecurity, is that USPS allows more than one adult living in the household to register as a user, and uses knowledge based questions to authenticate the user. We all know that knowledge based questions are easily compromised through social media, the dark web and previous data breaches.
Placing a security freeze on your credit accounts doesn’t help the situation. Apparently someone can still open a USPS account in your name even if you have a security freeze on your accounts.
Opening an account in your name to prevent others from doing so might not work either because USPS allows anyone living in the home to open their own account, so you would have to open an account for everyone living in your home, which could include grown children who no longer live at home, or elderly parents if you forwarded your mail to their home.
Krebs reports that sources have told him that 20,000 new account registrations are being processed every day, and that USPS is monitoring the accounts and deleting any that it believes are fraudulent.
On top of all of this, USPS is allowing advertisers “to publicize content that contains interactive links, which could be abused by malefactors posing as legitimate advertisers.”
You are supposed to be able to opt out of the program by emailing the USPS at eSafe@usps.gov.