The U.S. Postal Service’s Informed Delivery service is cool. The free service sends users an email every morning with photos of the mail they can expect in the day’s delivery. It’s a convenient option for anyone anxiously awaiting the arrival of their Orphan Annie Secret Society decoder pin (or just too lazy to trudge to the mailbox every day). More than 6 million people have signed up for Informed Delivery, but they may rethink the decision after a recent warning from the U.S. Secret Service.
Tech watchdog Krebs on Security reports that the U.S. Secret Service sent an internal alert on November 6 warning that scammers are using the Informed Delivery feature “to identify and intercept mail, and to further their identity theft fraud schemes.” They also want to use the service to “surveil potential identity theft victims” on criminal forums, Krebs reports.
The alert was sent in the wake of a Michigan bust, where seven people were arrested for allegedly stealing credit cards from mailboxes and racking up $400,000 in charges after signing up as those victims at the USPS website. Krebs on Security had warned this was possible a year ago, bluntly calling Informed Delivery “a stalker’s dream.”
Reached for comment, a USPS spokesman sent the following statement:
“The fraud referred to is a matter of identity theft that has already been perpetuated by a criminal. Postal Service customer identities’ are not compromised by using the Informed Delivery feature. Unfortunately, in very few cases, an individual’s identity has already been compromised by a criminal who then has used it to set up an Informed Delivery account.”
He added that customers have two options to report a potentially fraudulent Informed Delivery account (or to block its address), either online at the USPS help desk or by calling technical support at 1-800-344-7779.
In the meantime, Krebs also notes that there is a “new security wrinkle,” because the perennially cash-strapped USPS is reportedly trying to generate a little income by selling third-party advertising on the emails it sends to subscribers. Look for an alert from the Secret Service warning about this in about a year.