Having your identity stolen can be distressing and very time consuming to rectify. Commonly identity fraud is conducted to secure loans, credit, and other forms of finance. Occasionally it is done maliciously in order to disrupt a person’s life and livelihood. Identity theft occurs when a person is fraudulently represented using sensitive personal information such as their full name, social security number, birth date, and address.
There are many ways criminals can steal your personal data, but have you considered that junk mail theft might be one of them? It’s likely that you take care of your online accounts and your wallet, but how much attention do you pay to your mailbox? A lot of very sensitive information passes through our mailboxes, sometimes daily. This comprehensive guide will take you through the types of mail you need to watch out for, how identity theft using junk mail can occur and what you can do to stop it.
Here’s a list of common mail types and why you need to act now to secure your identity.
- 1 Categories of mail that carry sensitive data
- 2 How identity theft happens through the mail
- 3 How to protect yourself against identity theft
- 4 Block pre-approval offers from arriving in your mailbox
- 5 Block personalized marketing offers from arriving in your mailbox
- 6 Contact other companies individually
- 7 Credit Monitoring Services
- 8 Canada
- 9 UK
- 10 Australia
Categories of mail that carry sensitive data
- Personal documents: This includes any papers with your social security number, birth date, or driver’s license number. It also includes information relating to employment or the IRS, or taxes.
- Financial documents: Bank statements, letters of offer, or any other official financial correspondence from banks, credit unions and other lending facilities. This includes store cards, new check books, and invoices.
- Junk documents: Companies can purchase your personal contact details from marketing databases and may include this information in solicitation attempts. Common examples include insurance offers, mail order services,f and credit card pre-approvals.
- Child/minor documents: Any correspondence that identifies your children, their medical information, school information, applications, financial aid forms, or field trip authorizations.
- Business documents: Any paperwork that comes to your home address that relates to business dealings. Particularly important if you work from home, work as a contractor or have a mobile business.
- Accounts documents: Papers with identifying details that relate to online accounts including usernames, email accounts, subscriptions, bills, accounts, real estate correspondence, magazines and recurring donation solicitations.
How identity theft happens through the mail
The are a few common ways criminals use stolen personal documents to assume your identity. When you know what criminals are watching for you can take steps to protect yourself and your family.
Banking and credit card invoice theft
If a criminal can get hold of your credit card invoice, they can likely use the information to imitate you and add charges to your card including purchases and cash withdrawals. Credit card invoices may include enough information for thieves to call the credit card company and impersonate you. When this happens, criminals commonly redirect statements to a new address or apply for an increased limit without your knowledge. Both of these actions extend the time a person is unaware of the crime.
Outgoing mail theft
Any mail you leave in an unsecured place for the postal service to collect is vulnerable to theft. Along with any personal information you may be sharing with legitimate companies, mailed checks are extremely valuable to thieves. Mailed checks can be intercepted and make you vulnerable in two ways. First, the check can be cashed, and the money stolen. Second, that check and any accompanying information like account details can be used to assume your identity at a later stage.
While most people don’t think twice about putting sensitive mail into the mailbox, they are always vulnerable to attack. Most mailboxes are safe most of the time, but they are sometimes targeted by thieves. “Mail fishing” is used be ID thieves to retrieve people’s envelopes out of blue mailboxes on the street.
Mail fishing involves using a trap that is lowered into the mailbox with a piece of string. Thieves can pull out up to 20 letters at a time with this technique. Sometimes the boxes themselves may be vandalized and broken into.
How to protect yourself against identity theft
There are two main strategies you can use to reduce the chance that your identity will be stolen through junk mail exploitation or theft. The first is to secure your incoming data by managing the documents you do receive. The second is to reduce the amount of vulnerable information being sent to you in the first instance.
Managing sensitive documents and information
- When discarding non required documents, do not tear them and dispose of them into insecure garbage collection. Shred vulnerable documents, soak them in water, or burn them,
- Move your finances online and stop paper billing,
- Routinely monitor your accounts for unusual activity,
- Post sensitive mail directly at the post office rather than a street-side mailbox,
- Use a lockable mailbox at home so it can’t be accessed without a key, and
- Consider using a PO Box to remove your physical address from your mail for added security.
Reducing the inflow of documents that hold sensitive data
Marketing databases are valuable to companies because they hold a staggering amount of personal information about consumers. Companies can target their customers based on a range of recorded characteristics and will personalize offers with as much information as possible to secure a sale. This flow of information is not secure. You will need to take action to stop this. Here are the contact details for the most common sources of data-heavy solicitations and information on how to stop the mail outs.
Block pre-approval offers from arriving in your mailbox
Credit card companies ask credit bureaus to provide them with the details of people with good credit. The credit card companies then use this information to send pre-approved credit offers in the hope of expanding their business. This is legal and there is no way to prevent the data-sharing, but there is a way to stop credit companies contacting you with pre approval even when you meet their criteria.
Click on the link to go to OptOutPrescreen.com. This website is for US citizens only and entering your information there will block any pre approvals occurring for 5 years. If you want to permanently remove yourself from consideration you will need to print and fill out a form available on the site (post it from the post office!).
The website is secure, so you can be confident that your data is safe when entering it. You’ll need to provide as much detail as possible (including your Social Security number) in order to match your identity to your credit file so the opt-out works.
It will put a block on your name within 5 business days but be aware that some offers may have been made before the application was received, so you may get some residual mail before it stops completely. If you prefer to speak with someone call 1-888-5OPTOUT (1-888-567-8688) to arrange the opt-out process.
Block personalized marketing offers from arriving in your mailbox
Reducing the frequency of your personal information being sent via credit card offers will help to reduce your vulnerability to identity theft. There are other steps you should take to reduce this even further.
The Direct Marketing Association networks with many junk mail providers. The DMA manages a database of customer contact details called the Mail Preference Service (MPS). Marketing companies use this database to target their junk mail to prospective customers. You can remove yourself from this list at any time by completing the form on the DMA MPS website.
You can enter up to 5 names on the form so include common variations of your name or previous names you’ve used. You’ll need to enter credit card details to verify your identity (at no charge). If you want to avoid sharing those details, you can post a form to the DMA for a small fee, which is available to print from the same website.
If you would like to select which marketing firms can contact you individually, there is an option to receive mail from nominated companies only. If you have cancelled all contact or selected too few companies, you can edit your preferences at any time. Be aware that there may be residual mailings for up to 90 days after you remove your details due to campaigns being approved before the cancel date.
Contact other companies individually
Some companies do not subscribe to the DMA, which means they will not be notified of your desire not to be contacted. Charities commonly share databases of previous donors in order to target requests to those more likely to give. There is no central administrative body that manages opt-out lists for charity databases. In these cases, you must contact each company as the unsolicited mail is received. You may need to call them or contact them via their website. You can also write ‘Return to Sender’ on the envelope and mail it back to them. This should discourage them from sending information to you again.
Credit Monitoring Services
You can add an extra layer of protection by using a credit monitoring service. These services monitor your credit history and alert you to changes, such as an identity thief opening credit in your name. While there are many steps you can take to monitor your own credit, using a paid service can reduce admin and provide extra peace of mind.
The Canadian Marketing Association offers a Do Not Mail service. The CMA does not hold any consumer information, but it liaises with marketing companies to notify them if you do not want to receive marketing offers in your mailbox. This will not stop all mail but should reduce it significantly, thereby reducing your risk. The website also contains information about identifying fraudulent offers and further privacy protection options in Canada.
It is illegal for banks and financial institutions to issue credit cards without signed consent from the applicant, so there should not be any risk of unsolicited credit card offers arriving in a Canadian mailbox. If it does, it’s likely to be an attempted identity theft or fraud attempt so report the card to a branch and check your credit rating with your chosen bureau.
Charity solicitations may sometimes arrive with some of your personal details completed in order to encourage you to donate more readily. Charities often share and sell contact lists, so you will need to contact each individual charity as you receive the mail to request to be taken off the mailing list. The Do Not Mail service mentioned above also includes some (but not all!) charities.
The Mailing Preference Service (MPS) works with advertising companies to remove your name from marketing lists. Registering with them is free and should take effect immediately, with the exception of any mailings already authorized prior to removal.
Unsolicited preapproved credit card offers were banned in the UK in 2005. If you receive mailings suggesting otherwise it is likely to be a scam and should be reported to the represented bank or financial institution immediately. If your personal details are included on the mailout, contact a credit bureau to check for fraudulent requests and potential identity theft.
The Australian Competition & Consumer Commission (ACCC) makes it clear that financial institutions are barred from offering unsolicited credit card offers in Australia. If you have received an unsolicited card from a bank or financial institution, contact them immediately as you may have been targeted for identity theft.
Australians can register their details with the Association for Data-Driven Marketing & Advertising (ADMA) to stop most addressed and unsolicited mail. It may take up to 6 weeks to see a reduction in mail due to previously approved campaigns being conducted.
People who have passed away will have their personal details stored in Australian marketing databases. The Family Bereavement Database allows bereaved family members to delete their loved one’s data from multiple marketing databases. This helps to reduce painful reminders and reduces the likelihood that the deceased person’s details may be stolen and used fraudulently.