Offline Security Concerns in Light of Recently Stolen Mail
In the online world there will always be debates and discussions over security and privacy. What always surprises me is that everyone seems to be “up in arms” over security/privacy concerns surrounding your digital information over the internet, but never shows a comparison to the offline systems online deliver methods are intending to replace.
I was compelled be blog about this today because of an ominous warning delivered to Gret and me today by the Sammamish police department. Apparently theft of mail in the city of Sammamish is on the rise and a pile of our junk mail was found a few blocks away from our house.
They were calling any resident whose junk mail was found to warn them that any “interesting” mail was probably kept by the thieves and we should think about what we may have been missing from our mail and what sensitive information it might have contained. This came with a warning to also look for any suspicious activity on our accounts and have our credit checked in the next couple of months for discrepancies.
This has a few thoughts running through my head.
Offline SPAM: We spend more time each day triaging and “deleting” offline spam than we do deleting the e-mail variety. Sometimes real letters will be overlooked while we fall victim and actually open a “final notice” scam mail. Offline spam burns me for more than the online variety. The only reason to check offline mail regularly has been to empty the trash that clogs the mail box so it has room for the precious netflix deliveries. The best use for this mail (since you shouldn’t really burn all of it) seems to be that it helped to alert me to the fact our mail had been stolen 2-3 days in a row.
Mailbox Privacy: You don’t even have to steal mail to learn a lot about someone. Anyone can go right up to your mailbox, open it up, and flip through everything to gain a TON of information about you over time. Off the top of my head would be interests (magazine, newsletter, and paper subscriptions), past life (alumni mailers), financial status (bills/notices/credit card applications), and other (netflix member, bank, etc). It’s sort of like leaving outlook open to your inbox on a public terminal all day long.
Information Vulnerability: How dangerous is the information that is being sent by default through snail mail? Could a credit card statement or water bill be used to steal your identity or do they conceal enough information? Looking at a few of these items I began to think that no one item alone seemed insecure, but when you started pairing items to form a more complete picture there was cause for concern.
For example: Some utilities used to use pieces of a SS# as account numbers for individuals. I honestly couldn’t find one the last time I looked, but then again, I haven’t been looking that hard. Not hard to pick up and get a head start towards putting together the rest of the numbers. Once you have that then you could use one of those ever handy credit card applications to get a new card in the mail… that you are stealing anyway. Once you do that you’ve already created a headache for the person you are screwing over.
Mitigations: Gretchen seems to think I’m crazy to start going down this path, but what concerns me is that this was not an isolated event. The words used to describe the problem to me were “a rash of mail theft is occurring”. That strikes me as having some form of organization to it rather than the typical teenage drinking and serial pedestrian mooning epidemics that generally are reported by the Sammamish police. And when the lowlifes get more organized it seems to be time to step up the deterrents.
I’d like to not have to go to a PO box to pick up my netflix, but I don’t want any extra information delivered to my mail box. So I’m on a mission to eliminate snail mail copies of bills, unwanted catalog, bank statements, etc. So far, it’s hit or miss. Mostly miss. My bank has actually been sending me mail for a while asking me to save them costs and not have physical deliveries. We took them up on the offer. But beyond that it’s been difficult to find where the switches are for these things. No luck with the credit card or various bill owners so far. It will require actual phone calls if it’s even possible.
I’m not even sure I’ll be able to stop the other SPAM mail I get since I don’t even know where it is coming from. Has anyone ever had any luck preventing things like supermarket flyers addressed to “Resident” from arriving at their house? Does anyone have any advice for someone looking to remove almost all non-digital deliveries to their house? Am I crazy for being this concerned?