A few weeks ago, I had my American Express card attempted to be used to make a bunch of unauthorized purchases. I cancelled the card and they told me I’d have a new one within a week.
In the US, the Postal Service has a feature called “Informed Delivery” where they send you preview images of what mail should be coming to you.
As it happens, I would be in Chicago on Business, but I saw the card show up in my Informed Delivery email for December 16th, and I asked my roommates to get the mail. It wasn’t there. There were also some holiday cards that weren’t there. I didn’t think much of it: figured it would be delivered the following day, but it never happened.
And then, I got a report that my *new* card had been attempted to be used for a purchase I didn’t authorize.
The USPS asks you to wait a week before reporting missing mail, and I figured a delay during the holidays was normal, so I waited until after Christmas.
When I did that (via their online form), someone from my local post office called me the same day and let me know that a mail person had been delivering mail, and had improperly secured the entire bank of mailboxes, and that there had been a rash of mail theft from that bank of boxes.
Here’s an image from Reddit of what it looks like when the mailboxes are open, our apartment has more of them (and they’re outdoors), but they have the same “salt box tilt-open” design. It’s pretty obvious if they’re left open.
The town I live in also has a few homeless camps, and there have definitely been occurrences of cars in our parking lot being gone through, as well.
And during the holidays, when lots of people are mailing cards with cash and checks, well, why wouldn’t you grab and snatch? It’s only slightly less amoral than pocketing a $20 you see fall out of someone’s pocket. You know for sure it’s not yours, but it’s certainly someone else’s fault it’s in your hands now.
We’ll never see those cards again. The mail is lost. Gone through and dumped. Yes, this is a federal offense but it’s not like if they find one of our holiday cards in a homeless camp, the postal inspectors will show up and send people to a Federal Supermax or something. This problem is in the noise floor of concerns.
This is why I still write rent checks and drop them in our apartment’s drop box, which is behind a locked door.
It turns out, that despite all the automated bill pay stuff, if I use it — money gets deducted from my account a week before the bill is due to be paid, and then a physical check, in the mail, is sent to my recipient. I also get no confirmation that the recipient has actually gotten it, or cashed it. Just that it’s been “dispatched”. And if it doesn’t show up, is my bank on the hook for the late fees I’ll incur? Nope.
I don’t know why we don’t have a better answer for this. My apartment charges me a fee for paying my rent with a card. They don’t do ACH payments, and even then, I don’t know that I would trust some random rent-management-as-a-service-app to not be compromised and lose my routing and account numbers.
While we’re at it, why the hell would you mail out a credit card in anything other than a plain white envelope?
I mean, make no mistake, these knuckleheads just grabbed everything, but don’t make it easier for would-be thieves?
Why does a mailbox exist that can be left in a state of unopened like this?
Postal workers typically carry a single key (google: “Arrow Lock” or “Arrow Key”). It’s an old design (I can’t tell how old, but I’d guess at least the 60s), and it’s a warded lock designed to be punched from sheet metal, versus a pin-tumbler design like your house might use.
If you do an image search for the key, you’ll find that a lot of them look…suspiciously alike. As in, every photo I’ve found of them seem to have the same warding, and at this point, I feel like the design is effectively security-via-obscurity. I’ve found pictures of bandage scissors filed into this universal key shape.
Because there are six “banks” of mail boxes, the design of these locks is not key-retaining, but I will also note that the closure on these is not that they can be slam-locked. At least that way, a good samaritan could Do The Right Thing and close the boxes up, but no, the key is also required to secure the box.
From what the Supervisor on the phone told me, they probably didn’t leave it “wide open” but just didn’t “fully shut” it. Why is that design possible? Why have a box that can be half-closed?
Adding technology is sort of a non-starter. It’s sheet metal, and designed to be outside and last for decades or more. Any sensor that could detect not being tightly closed enough would soon become prone to false positives.
We’re not getting Smart Mailboxes or central monitoring any time soon. I accept that. Anything that goes beyond a “more secure dumb lock” would require infrastructure and monitoring at the level of Federal Government Committees.
The Postal Service moves slowly. Heck, look at how long it’s taken them to come up with a replacement for the “LLV” mail trucks, well past their prime by now, and with minor Ford-Pinto-Like problem with catching fire:
There is one obvious fix, though: they could have been more forthcoming. The person who failed to secure the boxes lost their job over this; I’ve been told that much. If there was enough information to do that, then there was sufficient information to let us know (either directly, or via our building management), and that didn’t happen. I could have reported my replacement card to USPS. I could have told any family members who sent checks for the holidays to place stop-payments. This doesn’t require advanced technology. A ball was definitely dropped there.
Like so many things in my life, I have to trust that this will be a one time occurrence. Until it isn’t.
I have to trust that “Someone saw an open bank of boxes and grabbed something.” is somehow different from “Someone has a key and the only thing stopping them from using it is the fear of being noticed.” I have to trust that it wasn’t one of my neighbors.
(As someone who runs servers on the internet, the distinction between these two attacks is roughly analagous to “someone used a weak password that let a hacker in” versus “Someone had an account with no password that let a hacker in.” The damage is done, and it’s mainly to my psyche.)
The US mail system is immense, and there certainly do seem to be differing options for higher-crime areas, and I guess I need to be grateful that this is infrequent enough to not warrant that.
If this were a weekly occurrence, I suspect something more would be done, but right now, this is chalked up to “shit happens” and life goes on.
I hate that answer.
