1(630)802-8605 Ravi.das@bn-inc.net

Well, how was everybody’s Memorial Day Weekend?  Mine was pretty blah, just busy working on my new book project.  As I promised, I would bring you today an entirely new subject on Cyber security.  But, the thing is, this new threat is not really a Cyber threat, but rather it is a physical threat that has started to emerge as of late.  As I have mentioned, the Cyber attacker of today is not just looking at stealing your username and password.

Rather, they are also out to cause physical damage as well, reverting to the traditional means of theft.  A prime example of this is an unsuspecting victim by the name of Josefina Gomez Pando.  Just a couple of months ago, she dropped a check for $112 into a traditional. blue mailbox on a corner on the Upper West Side of New York City.

But quite surprisingly, the mailman never got the check, and it was never delivered off to its final destination.  Rather, somebody else actually retrieved the envelope in which the check was in from that mailbox, and instead, cashed it for $3,500.  This type of new attack is known as specifically as “Mail Fishing” (no, no typo here – I don’t mean the “Phishing” kinds of Cyber attacks), and it occurs when  people use tools to retrieve envelopes out of the blue mailboxes on streets and street corners that are not highly frequented.

What kind of tools you may be wondering?  Well, the most commonly used ones are those of using a sticky rat trap attached to the end of a string.  Apparently, this new kind of threat is something that is now very real, and in fact, according to New York City officials, has doubled over the last two years, and is also being experienced in the states of Texas, Florida, New Jersey, Massachusetts, Colorado and California.  In fact, it is quoted as saying that this problem is growing “coast to coast”.

It is obvious that the US Postal System will be further prone to such types of attacks in the future, because of the sheer amount of mail that is going through the system.  For example, just last year alone, over 150 billion pieces of mail was delivered alone, not including packages.  These are just regular envelopes, in which people mail checks in, just like the victim portrayed earlier.  It is expected that this number is going to greatly increase this year.

Back to the victim, she received a phone call from Citibank just two days after her check was cashed, and according to her own words, “It was very good writing and it was very professional writing . . . Always when I make my signature, I make a line under my name”  (SOURCE:  https://www.cnbc.com/2018/05/25/as-computers-get-harder-to-crack-thieves-are-pillaging-mailboxes.html)

But, the good news is that the major banks are aware of this scheme that is happening and are on the constant lookout for such fraudulent checks that are being cashed.  On top of that, they have employed the use of specialized mathematical algorithms t help which checks are for real and which are not.  According to an official at Citibank:  “At Citibank, we take check fraud very seriously and we maintain regular contact with local police as part of our aggressive strategy to combat all types of fraud.”  (SOURCE:  https://www.cnbc.com/2018/05/25/as-computers-get-harder-to-crack-thieves-are-pillaging-mailboxes.html).

So, how do these people get the stuff out the mailbox?  According to the New York City Police department, these mail thieves usually send down a rectangular sticky trap that are traditionally used to catch mice and other types of rodents.  With this technique, up to 20 envelopes can be captured, thus increasing the chances that an envelope with some value in it (such as a check) will be captured.  Examples of what have been caught so far, once again according to the NYC Police Department:

  • Gift cards;
  • Birthday cards that are filled with cash;
  • Rent checks;
  • Credit card billing statements (or other types of financial statements with the entire number written on it, not just X’d out);
  • Other documents with other personal information and data such as Social Security numbers, home addresses, etc.

For example, once a check is in the hands of the Mail Fishing Thief, then they can literally “wash” out a person’s check with chemicals that are easy to procure at any hardware store.  The end result is a blank check with which anything can happen with, such as the case in the above mentioned victim.

It should be noted that law enforcement officials, including the FBI, the Secret Service, and even the United States Postal Inspection are all taking a proactive stance against Mail Fishing.  For example, there are hidden CCTV cameras by these mailboxes, and even under cover cops are patrolling these mailboxes late at night, when these thieves think that nobody is watching.

But, as an innocent citizen, what are some of the steps that you can take to protect yourself from Mail Fishing?  Here are some tried and true techniques:

  • Deposit your mail before the last collection time. This will prevent your mail from sitting in the box overnight.
  • Take your mail and literally deposit it into a drop box that is located inside the facility.
  • Although it may cost some money, you may even want to start to track your packages. Obviously, you don’t want to do this for each and every piece of mail that you send out, but save it for the most important ones, like your bills.
  • Instead of mailing checks, perhaps consider to start using online bill pay. Of course, there is just as much of a risk here as well, but in these instances, any fraudulent activity can be detected almost immediately, without having to wait for days, in the case of this check.
  • You might even want to consider getting a PO Box, in which your mail can be delivered to you in a locked box that is just dedicated to you and you only.

As mentioned earlier in a previous blog posting, as a society we are now going to, and with good reason, to the other extreme of watching out for just Cyber based and Digital based threats.  Very little regard is now given to threats that can happen in a physical sense, such as Mail Fishing and even Dumpster Diving.

The mail thieves are aware of this, and will take advantage of every opportunity that they can of our lack of awareness in this regard.  Now we that we know that these types of threats still exist, we need to have a balance of securing both worlds – the Physical and the Virtual.