Welp, another day and another way for thieves to violate your privacy and commit credit card fraud.
Scammers have figured out how to view your mail before it even arrives at your house, and have used this advantage to open credit card accounts in victims' names and then time the theft of new cards from mailboxes pretty much the moment they arrive. And the tool giving crooks this edge comes courtesy of the United States Postal Service.
So notes Krebs on Security, which reports on a Secret Service notification sent to law enforcement on Nov. 6. At issue is something called Informed Delivery, which gives those who sign up the ability "to view greyscale images of the exterior, address side of letter-sized mailpieces and track packages in one convenient location."
SEE ALSO:The hackers getting paid to keep the internet safeEssentially, it's an online portal for seeing what mail is on its way to you. This, it turns out, is a huge help to scammers who have managed to open up accounts in the names of unwitting individuals — which sounds shockingly easy to do.
The Secret Service warning reported by Krebs on Security makes note of a Michigan case where seven people stand accused of stealing credit cards out of mailboxes and racking up hundreds of thousands of dollars in charges.
To create an Informed Delivery account, a person needs to provide a name, address, and email. You also have to verify that you really are who you say you are, and that's where it gets sketchy. A person opening an account can chose to verify his or her identity online, which this reporter did, and is presented with a series of so-called "knowledge-based authentication" questions.
Easy.Credit: screenshot / uspsThese questions include old chestnuts like where you've lived in the past, and what state issued your Social Security number. As Krebs on Security points out, at lot of these answers are easily found through Google searches or are no longer private thanks to incidents like last year's Equifax hack.
Notably, USPS is aware that this can be abused, and now mails you a notice that you've signed up for this service. However, if a thief signs up for the service immediately after the fraudulently ordered credit card has been mailed, it's likely he or she can get the card before the USPS notification arrives.
Sneaky, right?
There are a few steps you can take to protect yourself against this attack. For starters, open your own USPS Informed Delivery account. That way, if scammers attempt to do so in your name at your address, it'd be too late. That is, unless someone else also lives at your address — say, your spouse or roommate — because in that case your address is still vulnerable.
You can also try a more direct measure. According to the Dallas Morning News, you can opt out of the entire thing by emailing [email protected] and requesting that they block an "individual account."
Just make sure your roommates do the same.
TopicsCybersecurity
相关文章:
相关推荐: