Podcast Episode Details
Back to Podcast Episodes
USPS Informed Delivery Vulnerabilities, Holiday Credit Card Fraud, Huge SMS Database Leak – WB43
This is your Shared Security Weekly Blaze for November 19th 2018 with your host, Tom Eston. In this week’s episode: USPS Informed delivery vulnerabilities, protecting yourself from credit card fraud and a huge SMS database leak.
Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off your order. Visit silent-pocket.com to take advantage of this exclusive offer.
Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Are you using or thinking about using the US Postal Service’s “Informed Delivery” feature? If so, you’ll want to pay close attention to the recent warning from the US Secret Service which was sent to law enforcement across the country earlier this month. This alert stated that fraudsters are leveraging this feature to surveil potential identity theft victims and references a recent case in Michigan where seven people were arrested for apparently stealing credit cards from mailboxes after registering as those victims for the Informed Delivery service.
Brian Krebs from KrebsOnSecurity.com, who broke the news about the Secret Service alert, has noted that in the past the postal service has had no way to notify residents when someone signed up for the Informed Delivery service at their address. However, earlier this year the postal service corrected this issue by now mailing residents if someone has signed up for Informed Delivery at their address. Unfortunately, this doesn’t solve this problem if fraudsters simply order credit cards to the address before signing up for the service. Once the cards have been ordered the fraudster can then take advantage of the week or so that it takes to get a credit card in the mail to sign up the victim for Informed Delivery.
The other issue with Informed Delivery is that to sign-up for the service you’re asked four knowledge based authentication (or known as “KBA”) questions which typically have answers which can be Googled or found though other searching techniques on the Internet. KBA has been well known for quite some time that it’s not a reliable form of authentication.
So what can you do if you’re concerned about having your address hijacked by a fraudster using Informed Delivery? Unfortunately, not a lot at this point. Putting a freeze on your credit can help as if someone is trying to set up Informed Delivery in your name, then the KBA process can’t access your credit files. However, Brian Krebs reports that this may not be working for everyone with a credit freeze in place. You may also want to “plant your flag” so to speak by signing up for Informed Delivery before someone else does. When signing up myself I was asked to visit my local post office branch to physically verify me or have a “invitation code” sent to me through the mail. Other than that, you can try to email the postal service to attempt to ‘opt-out’ of Informed Delivery but according to reports, emails are going unanswered and those that have had responses are asking KBA questions that are to be responded through plain text email. And we all know plain text email is not a secure means of communication. It’s safe to say that Informed Delivery is quite the mess right now. We’ll be sure to keep y
Published on 7 years, 1 month ago