Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Mail Services an Emerging Vector for Financial Fraud

By Abigail Showman, Tactical Monitoring Analyst, Flashpoint

Threat actors are not shy about using a legitimate means to satisfy their own goals. They leverage commercial and open source penetration-testing tools to attack networks, some use capabilities at the core of the world’s biggest operating systems and software packages to exploit vulnerable endpoints, while a completely different subset are not above abusing the U.S. mail for financial fraud.

Specifically, Flashpoint analysts have identified numerous discussions on closed and invite-only online communities where threat actors advertise methods and paid services that are earmarked for fraud. Many of these individuals are careful to shield their location, but the majority of these discussions are about the U.S. Postal Service, with a limited number of references to the United Kingdom’s Royal Mail.

Abusing Change of Address Services for Fraud

The majority of these schemes discuss ways to use the USPS’s mail-forwarding to intercept mail and facilitate fraud at a later date. Mail-forwarding in this context refers to change-of-address services including temporary and permanent mail forwarding via the USPS. It appears to be a preferred tactic for fraudsters, much more so than recruiting and partnering with postal service insiders or stealing mail from mailboxes.

Mail theft is instead left to abuse of mail forwarding, which can facilitate credit card fraud and numerous forms of identity theft. Threat actors operating inside underground communities and on chat platforms share information about mail forwarding and change of address methods for fraud, as well as strategies for dealing with credit card companies and addressing questions from issuers about sending newly issued cards to different addresses.

Other actors advertise drop-shipping services that can also involve abuse of the USPS’s change-of-address services. Some actors advertise the creation of custom drop addresses while others share information on setting up fraudulent credit lines that involve the use of USPS mail forwarding.

In addition to using mail forwarding to fraudulently obtain credit cards, there are some threat actors who tout the exploitation of the postal service mail forwarding services specifically for identity theft operations. Tutorials exist to facilitate numerous forms of identity theft that involve the use of USPS mail forwarding to facilitate the creation of a fraudulent credit line, for example.

To a lesser extent, Flashpoint analysts have observed some references to USPS insiders. Many of the discussion threads observed are from individuals claiming to have a post office insider, or solicitations for other actors who may have that kind of access. These actors do not appear to have successfully engaged, however, with other actors to initiate a scheme using the insider, Flashpoint analysts said.


There are a few ways to avoid becoming victims of this type of fraud. Opting for paperless versions of bank statements and other official documents that may contain personally identifiable information (PII) can reduce the likelihood that threat actors intercept sensitive information. Individuals should also monitor their credit report for unusual activity that may indicate a threat actor has fraudulently opened a line of credit.

Additionally, although the USPS sends confirmation letters following a change of address request, if there is a marked decrease in one’s regular volume of mail (including credit card offers or marketing and promotional materials) for a sustained period of time, individuals can contact their post office to check whether a change of address may have been filed under their name.