Two weeks ago, my colleague received a letter in his mailbox of what seemed to be an automatic payment sign-up program from AT&T requesting him to fill out a form for a new credit card for auto-withdraw because the credit card they have in the system is no longer valid. When he looked closer at the letter, the sender’s address, and letter layout – it was clearly not sent from AT&T.
With cybercrime as a hot topic these days, scammers are reverting back to tricks from their old playbook – scam via postal mail. This blog will talk about the signs of postal mail scams and how to effectively lessen the likelihood of future occurrence.
How to recognize a falsified letter
The letter had several components that were suspicious to the mail’s origin. Here are some tips to help you identify a falsified letter:
• Google is your best friend. When you input the address into Google Maps, you will be returned with a street view of an abandoned building, not an AT&T corporate building. Google search results will also display results from others who have received this letter in the past, noting that it is “a scam letter,” not a valid mail from AT&T.
• Incomplete AT&T account number. The first couple numbers of your account is showing but the last couple of digits of your AT&T account number is missing. This is a red flag. Your information was probably stolen directly from your residential mailbox or from a public mailbox close to your home.
• Threats with an Underline. Reputable companies like AT&T do not threaten customers. If you are reading notes that state – within x amount of days “internet service will be disconnected” or “may result in an early termination fee to your account” – honorable companies do not do this. You are a valuable customer and companies like AT&T that have a good reputation, would have called you to explain the situation.
What should you do after identifying a falsified letter
Now that you have become more aware about the origin of your postal mail, what actions should you take to decrease the probability of this situation from happening again in the future?
• Proper disposal of mail. If you are not shredding your mail already, it is a good time to start. There are criminals who will hunt through people’s trash for information. It is a good first step to take for lessening the likelihood of document and identity theft.
• Tell the company about it. Whether it is AT&T or another company. Post what happened to you on the company’s customer service and social media pages, let the public know about the scam. Call customer service to make sure your account is secure and that your current payment setup is working properly. Note: DO NOT call the phone number printed on the letter or envelope. Go to the official company website and get the contact information there.
• Report potential mail theft. Call 877.876.2455, this is the phone line to United States Postal Inspection Service from 8 a.m. to 4:30 p.m. in all time zones. Make known that your postal mail and that of your neighbors’ may be under attack.
• Empty your mailbox promptly. There is a smaller chance for crooks to steal your information if it is not available for them to steal. Empty out your postal mailbox every day after you get home from work. Mail gets delivered during the day. If they steal from your mailbox, it will have to be between the time when the mail gets delivered to when you get home from work. Make sure to keep your mailbox clear of sensitive information as soon as possible.
How to spot a Malicious Email?
Similar to phishing for private information out of postal mailboxes, the same can be done through Emails. Individuals and companies alike should be aware of what signs to look for and how to go about dealing with the malicious email attacks.
For more tips on how to deal with cybercrime, check out our post on Social Engineering: Manipulating the Human Mind.