Having your identity stolen can be distressing and very time-consuming to rectify. Identity theft occurs when a person is fraudulently represented using sensitive personal information such as full name, social security number (SSN), birth date, and address. Of the many sources where thieves steal this data, physical junk mail is an extremely easy target.
Identity fraud most commonly targets secure loans, credit cards, payment systems, and other forms of financial services. And some of the junk mail you receive — including credit card offers — will carry some of that information.
Occasionally identity theft is done maliciously in order to disrupt a person’s life and livelihood. Having your private information stolen directly from such as junk mail sitting in your mail can feel like a personal attack. But ultimately, you may never know where the ID thieves got the information.
It’s likely that you take care of your online accounts and your wallet, but how much attention do you pay to your mailbox? A lot of very sensitive information passes through our mailboxes, sometimes daily. This comprehensive guide will take you through the types of mail you need to watch out for, how identity theft using junk mail can occur and what you can do to stop it.
Here’s a list of common mail types and why you need to act now to secure your identity.
Categories of mail that carry sensitive data
Personal documents: This includes any papers with your social security number (SSN), birth date, or driver’s license number. It also includes information relating to employment or the IRS, or taxes.
Financial documents: Bank statements, letters of offer, or any other official financial correspondence from banks, credit unions and other lending facilities. This includes store cards, new checkbooks, credit card statements, and invoices.
Junk documents: Companies can purchase your personal contact details from marketing databases and may include this information in solicitation attempts. Common examples include insurance offers, mail order services, and credit card pre-approvals.
Child/minor documents: Any correspondence that identifies your children, their medical information, school information, applications, financial aid forms, or field trip authorizations.
Business documents: Any paperwork that comes to your home address that relates to business dealings. Particularly important if you own a small business and use your home as your mailing address, work from home, work as a contractor, or have a mobile business.
Accounts documents: Papers with identifying details that relate to online accounts including usernames, email accounts, subscriptions, bills, accounts, real estate correspondence, magazines, and recurring donation solicitations.
How identity theft happens through the mail
There are a few common ways criminals use stolen personal documents to assume your identity. When you know what criminals are watching for you can take steps to protect yourself and your family.
Banking and credit card invoice theft
If criminals can get hold of your credit card invoice, they can likely use the information to imitate you and add charges to your card including purchases and cash withdrawals. Credit card invoices may include enough information for thieves to call the credit card company and impersonate you. When this happens, criminals commonly redirect statements to a new address or apply for an increased limit without your knowledge. Both of these actions extend the time a person is unaware of the crime.
Outgoing mail theft
Any mail you leave in an unsecured place for the postal service to collect is vulnerable to theft. Along with any personal information you may be sharing with legitimate companies, mailed checks are extremely valuable to thieves. Mailed checks can be intercepted and make you vulnerable in two ways. First, the check can be cashed and the money stolen. Second, that check and any accompanying information like account details can be used to assume your identity at a later stage.
While most people don’t think twice about putting sensitive mail into the mailbox, any items you put into the mailbox are vulnerable to attack unless you have a locked mailbox system (common in the US for apartments and townhome developments).
Still, most mailboxes are safe most of the time, but they are sometimes targeted by thieves because of how easy it is to get away with the crime.
One type of mailbox theft is known as “mail fishing”. This method is used by ID thieves to retrieve people’s envelopes out of blue mailboxes on the street.
Mail fishing involves using a trap that is lowered into the mailbox with a piece of string. Thieves can pull out up to 20 letters at a time with this technique. Sometimes the boxes themselves may be vandalized and broken into.
How to protect yourself against identity theft
There are two main strategies you can use to reduce the chance that your identity will be stolen through junk mail exploitation or theft. The first is to secure your incoming data by managing the documents you do receive. The second is to reduce the amount of vulnerable information being sent to you in the first instance.
Managing sensitive documents and information
- When discarding junk mail, do not tear the documents and dispose of them into insecure garbage collection. Shred vulnerable documents, soak them in water and bleach, or burn them
- Move your finances online and stop paper billing
- Routinely monitor your accounts for unusual activity (you may want to sign up to a credit monitoring service or identity theft protection)
- Send sensitive mail directly from the post office rather than a street-side mailbox
- Use a lockable mailbox at home so it can’t be accessed without a key, or install a door slot for mail and request USPS use the slot
- Consider using a PO Box to remove your physical address from your mail for added security
Reducing the inflow of documents that hold sensitive data
Marketing databases are valuable to companies because they hold a staggering amount of personal information about consumers. Companies can target their customers based on a range of recorded characteristics and will personalize offers with as much information as possible to secure a sale. This flow of information is not secure. You will need to take action to stop this.
Where possible, request to only receive digital copies of documents from companies. Also, be wary about where you sign-up and submit your information. Some websites discretely sell data they collect from users to third parties, like companies who turn around and use that information to advertise via mail.
Block pre-approval offers from arriving in your mailbox
Credit card companies ask credit bureaus to provide them with the details of people with good credit. The credit card companies then use this information to send pre-approved credit offers in the hope of expanding their business. This is legal and there is no way to prevent the data-sharing, but there is a way to stop credit companies contacting you with pre-approvals, even when you meet their criteria.
Click on the link to go to OptOutPrescreen.com. This website is for US citizens only and entering your information there will block any pre-approvals from occurring for 5 years. Opt-Out Prescreen is a free service offered by the credit rating bureaus (Experian, Equifax, Transunion, Innova).
If you want to permanently remove yourself from consideration you will need to print and fill out a form available on the site (mail it from the post office!).
The website is secure, so you can be confident that your data is safe when entering it. You’ll need to provide as much detail as possible (including your SSN) in order to match your identity to your credit file so the opt-out works.
It will put a block on your name within 5 business days, but be aware that some offers may have been made before the opt-out application was received. You may get some residual mail before it stops completely. If you prefer to speak with someone directly, call 1-888-5OPTOUT (1-888-567-8688) to arrange the opt-out process.
Block personalized marketing offers from arriving in your mailbox
Reducing the frequency of your personal information being sent via credit card offers will help to reduce your vulnerability to identity theft. There are other steps you should take to reduce this even further.
The Data Marketing and Analytics organization networks with many junk mail providers. The DMA manages a database of customer contact details called the Mail Preference Service (MPS). Marketing companies use this database to target their junk mail to prospective customers. You can remove yourself from this list at any time by completing the form on the DMA Choice website.
You can enter up to 5 names on the form so include common variations of your name or previous names you’ve used. You’ll need to enter credit card details to verify your identity. There’s a $2 processing fee to sign up, but your name and preferences stay in place for 10 years.
If you would like to select which marketing firms can contact you individually, there is an option to receive mail from nominated companies only. If you have canceled all contact or selected too few companies, you can edit your preferences at any time. Be aware that there may be residual mailings for up to 90 days after you remove your details due to campaigns being approved before the cancel date.
Contact other companies individually
Some companies do not subscribe to the DMA, which means they will not be notified of your desire not to be contacted. Charities commonly share databases of previous donors in order to target requests to those more likely to give. There is no central administrative body that manages opt-out lists for charity databases. In these cases, you must contact each company as the unsolicited mail is received. You may need to call them or contact them via their website. You can also write ‘Return to Sender’ on the envelope and mail it back to them. This should discourage them from sending information to you again.
Credit Monitoring Services
You can add an extra layer of protection by using a credit monitoring service. These services monitor your credit history and alert you to changes, such as an identity thief opening credit in your name. While there are many steps you can take to monitor your own credit, using a paid service can reduce your hassle and time investment and provide extra peace of mind.
The Canadian Marketing Association offers a Do Not Mail service. The CMA does not hold any consumer information, but it liaises with marketing companies to notify them if you do not want to receive marketing offers in your mailbox. This will not stop all mail but should reduce it significantly, thereby reducing your risk. The website also contains information about identifying fraudulent offers and further privacy protection options in Canada.
It is illegal for banks and financial institutions to issue credit cards without signed consent from the applicant, so there should not be any risk of unsolicited credit card offers arriving in a Canadian mailbox. If it does, it’s likely to be an attempted identity theft or fraud attempt. You should report the card to a branch and check your credit rating with your chosen bureau.
Charity solicitations may sometimes arrive with some of your personal details completed in order to encourage you to donate more readily. Charities often share and sell contact lists, so you will need to contact each individual charity as you receive the mail to request to be taken off the mailing list. The Do Not Mail service mentioned above also includes some (but not all!) charities.
The Mailing Preference Service (MPS) works with advertising companies to remove your name from marketing lists. Registering with them is free and should take effect immediately, with the exception of any mailings already authorized prior to removal.
Unsolicited preapproved credit card offers were banned in the UK in 2005. If you receive mailings suggesting otherwise it is likely to be a scam and should be reported to the represented bank or financial institution immediately. If your personal details are included on the mailout, contact a credit bureau to check for fraudulent requests and potential identity theft.
If you’ve registered with the MPS and you’re still receiving unsolicited mail, you can file a complaint online to report the offending organization.
The Australian Competition & Consumer Commission (ACCC) makes it clear that financial institutions are barred from offering unsolicited credit card offers in Australia. This also applies to other forms of unsolicited mail and advertising for products and services, as well as unauthorized listing of your personal details.
If you have received an unsolicited card from a bank or financial institution, or another form of unauthorized advertising in the mail, contact the ACCC immediately as you may have been targeted for identity theft. Unauthorized mail containing your personal details also leaves you at risk for identity theft due to the theft of junk mail, so filing a complaint is still a worthwhile venture.
Australians can register their details with the Association for Data-Driven Marketing & Advertising (ADMA) to stop most addressed and unsolicited mail. It may take up to 6 weeks to see a reduction in mail due to previously approved campaigns being conducted.
People who have passed away will have their personal details stored in Australian marketing databases. The Family Bereavement Database allows bereaved family members to delete their loved one’s data from multiple marketing databases. This helps to reduce painful reminders and reduces the likelihood that the deceased person’s details may be stolen and used fraudulently.