Offline Security Concerns in Light of Recently Stolen Mail


In the online world there will always be debates and discussions over security and privacy.  What always surprises me is that everyone seems to be “up in arms” over security/privacy concerns surrounding your digital information over the internet, but never shows a comparison to the offline systems online deliver methods are intending to replace. 

I was compelled be blog about this today because of an ominous warning delivered to Gret and me today by the Sammamish police department.  Apparently theft of mail in the city of Sammamish is on the rise and a pile of our junk mail was found a few blocks away from our house.

They were calling any resident whose junk mail was found to warn them that any “interesting” mail was probably kept by the thieves and we should think about what we may have been missing from our mail and what sensitive information it might have contained.  This came with a warning to also look for any suspicious activity on our accounts and have our credit checked in the next couple of months for discrepancies. 

This has a few thoughts running through my head. 

Offline SPAM:  We spend more time each day triaging and “deleting” offline spam than we do deleting the e-mail variety.  Sometimes real letters will be overlooked while we fall victim and actually open a “final notice” scam mail. Offline spam burns me for more than the online variety.  The only reason to check offline mail regularly has been to empty the trash that clogs the mail box so it has room for the precious netflix deliveries.  The best use for this mail (since you shouldn’t really burn all of it) seems to be that it helped to alert me to the fact our mail had been stolen 2-3 days in a row. 

Mailbox Privacy: You don’t even have to steal mail to learn a lot about someone.  Anyone can go right up to your mailbox, open it up, and flip through everything to gain a TON of information about you over time.  Off the top of my head would be interests (magazine, newsletter, and paper subscriptions), past life (alumni mailers), financial status (bills/notices/credit card applications), and other (netflix member, bank, etc).  It’s sort of like leaving outlook open to your inbox on a public terminal all day long. 

Information Vulnerability: How dangerous is the information that is being sent by default through snail mail?  Could a credit card statement or water bill be used to steal your identity or do they conceal enough information?  Looking at a few of these items I began to think that no one item alone seemed insecure, but when you started pairing items to form a more complete picture there was cause for concern.

For example: Some utilities used to use pieces of a SS# as account numbers for individuals.  I honestly couldn’t find one the last time I looked, but then again, I haven’t been looking that hard.  Not hard to pick up and get a head start towards putting together the rest of the numbers.  Once you have that then you could use one of those ever handy credit card applications to get a new card in the mail… that you are stealing anyway. Once you do that you’ve already created a headache for the person you are screwing over.

Mitigations: Gretchen seems to think I’m crazy to start going down this path, but what concerns me is that this was not an isolated event.  The words used to describe the problem to me were “a rash of mail theft is occurring”.  That strikes me as having some form of organization to it rather than the typical teenage drinking and serial pedestrian mooning epidemics that generally are reported by the Sammamish police.  And when the lowlifes get more organized it seems to be time to step up the deterrents.

I’d like to not have to go to a PO box to pick up my netflix, but I don’t want any extra information delivered to my mail box.  So I’m on a mission to eliminate snail mail copies of bills, unwanted catalog, bank statements, etc.  So far, it’s hit or miss.  Mostly miss.  My bank has actually been sending me mail for a while asking me to save them costs and not have physical deliveries.  We took them up on the offer.  But beyond that it’s been difficult to find where the switches are for these things.  No luck with the credit card or various bill owners so far.  It will require actual phone calls if it’s even possible. 

I’m not even sure I’ll be able to stop the other SPAM mail I get since I don’t even know where it is coming from.  Has anyone ever had any luck preventing things like supermarket flyers addressed to “Resident” from arriving at their house?  Does anyone have any advice for someone looking to remove almost all non-digital deliveries to their house?  Am I crazy for being this concerned? 

Comments (23)
  1. Jeff Lewis says:

    This happened to me:

    http://consultutah.com/weblog.aspx?id=10

    Our mailbox is now locks and is in a large brick enclosure. We never leave out-going mail in the mailbox; we always drop it off at the post office.

  2. Mike Dimmick says:

    I’m assuming you have the mailbox-on-a-pole outside your house.

    In Britain we avoid the first concern by not having external mailboxes – most houses have a slot in the front door, anyone wishing to deliver something pushes it through the slot, at which point it’s in your house. We do have trouble sometimes with delivery staff being lazy and leaving large items on the doorstep rather than ringing the doorbell. We’ve also had trouble with the delivery staff stealing post – I once had a chequebook that went missing in the post, which I noticed by reading the statement. I also discovered that banks don’t check your signature! The signature on the stolen cheques looked nothing like mine.

    To assist with the problem of snail-spam, we have the Mailing Preference Service (http://www.mpsonline.org.uk/mpsr/), the equivalent of the do-not-call list. Maybe you have something similar? Ah yes: http://www.dmaconsumers.org/offmailinglist.html. Neither currently have legal force, however.

    Do credit card providers mail new cards to you? My current bank won’t send me a new credit card in the post (apparently debit cards are OK) – I have to pick them up from a branch.

  3. Eric Lippert says:

    If a letter is addressed to your house and has the right postage on it, I believe a mail carrier can go to jail for deliberately not delivering it to you. A sign up saying "no junk mail please" will almost certainly be ignored. Also, the postal service gets much of their revenue from "offline spam", so they have no incentive to curb it.

    If you’re worried about identity theft, the supermarket flyers are the least of your worries.

  4. josh ledgard says:

    I agree that offline SPAM is not the biggest concern, but it is ONE of the problems with having a mailbox that I would also like to ellimanate if I have the oppertunity to.

  5. gretchen says:

    to be clear, I don’t think Josh is crazy for being concerned about mail thief. Heck, I’m mad I missed this week’s People magazine. 🙂

    But seriously, my comment to Josh was that this has always been a big issue, and I found it interesting that he only got upset when the possibility of it happening to him occurred. He’s talking about having all paper copies of our bills stopped (which freaks me out as the bill payer in the house), but i think this issue is much bigger than that … and should probably be thought of from the angle of "how do I prevent mail theft?" (i.e. locked mailbox, picking up your mail as soon as you get home from work, etc) instead of "how do I stop sensitive information from being delivered to me?"

  6. Sean Malloy says:

    I have the same concerns.

    The othe rnight I was coming home after taking my daughter to the hospital. As I drove past the front of our house there was a guy clearning out my damned mailbox.

    I chased him down the street and called the cops on the mobile. I still don’t know what he took.

    I’ve switched to a PO Box. Its a pain to getthe mail, but atleast I know it will be there when its time to collect.

  7. William Luu says:

    In regards to the Bills, do you guys have something like BPay?

    Over here in Australia, we can use a service called BPay View (http://www.bpay.com.au/viewbills/viewbills_qa.asp), which allows us to view our bills online and pay for them online (or other method as specified by the biller). This eliminates the need for the paper bills. Never used it, but people who I know use it find it quite useful.

    From memory, most of our bills here in Australia (Phone/Gas/Electrical/Internet/Credit Card/Bank, etc…) can all be paid via the BPay service.

    So if you can find an equivalent over there, that’s probably going to solve your problem(s). Well, the bills issue anyway.

  8. AT says:

    How about e-Postmail delivery ?

    All your mail goes to some P.O. Box 1234 jlegard@Redmond – get semi-automaticaly scanned and pictures/OCR recognised documents are available for you to read online 😉

    This company will be able to filter mail to Bulk/Inbox folder.

    Yep. This can conflict with "No P.O. Box accepted" policy – but is it allowed to use forwarding service at your post-office ?

    Optionaly it can be possible to create additional country EUSA (Electronic USA) to keep your current addresses on mails – but use internet for delivery 😉

  9. Anonymous says:

    In Sammamish this is more serious than you may realize. I would take any steps you can to protect yourself. This has been a topic at town meetings with many concerned.

    Good news today in Sammamish however:

    Major ID Theft Ring Now Behind Bars

    SAMMAMISH – For five years, a ring of crooks stole mail and dug through the trash to rip off identities.

    http://komotv.com/news/story.asp?ID=33497

  10. josh ledgard says:

    Wow, not watching local news i would have missed that story. Good find. I wonder if they were connected. We’re going to go with a locking mailbox soon as well as trying to reduce the ammount of mail delivered to us.

  11. identity stolen says:

    > Apparently theft of mail in the city of

    > Sammamish is on the rise

    In some countries it is standard practice and people know not to send anything sensitive in mail. Usually the thieves are postal employees.

    > We spend more time each day triaging

    > and “deleting” offline spam than we do

    > deleting the e-mail variety.

    Who’s "We", and will "We" share their e-mail filters with the rest of us?

    > Some utilities used to use pieces of a SS#

    > as account numbers for individuals.

    So did the US government. If you had a US SS# for any reason, and if the US government displayed it or provided it to others for display to all random viewers, its security is gone. Its security does not come back when the US government stops displaying it. The only solution is to apply for a new number. The US government is rather slow about issuing new numbers (my SS# has been "applied for" for more than 10 years even though they set a deadline of 60 days) but that is still the only solution.

  12. Saurabh Jain says:

    There are ways to reduce the offline mails. Following site has some info on how to get off the credit card companies list.

    http://www.fdic.gov/consumers/consumer/news/cnwin9798/nothanks.html

    Also look at the DMA site, you can register their "do not mail list".

    http://www.dmaconsumers.org/cgi/offmailinglistdave

  13. We are in a fairly new housing development (3 years), so the mail for our block is centrally located in a box down the street. It’s guarded under lock and key, so mail theft shouldn’t be an issue for us until people start breaking into them.

  14. josh ledgard says:

    Identity:

    We = My wife and I.

    Email Filters = Microsoft has a corperate filter that stops a large % before it hits our inbox and the other is the built in outlook filters. Gmail is my filter for some of our external mail. Hotmail is the other. I set a strict (you have to know me) rule there for spam prevention that ensures it is only for my freinds to use.

Comments are closed.

Skip to main content