Skip to the main content.
True Tales Blog: UPS Change of Address

True Tales Blog: UPS Change of Address

Problems With Mail delivery are Universal

Everyone has a story of something going wrong with the postal service delivering their mail.  My personal best was when it took three months for USPS to complete a simple Return to Sender; I sent out a card in January and got it back marked Delivery Impossible in April.  Why it took them three months to figure this out and return it, I’ll never know. But this story beats mine hands down.

In October 2017, a Chicago resident submitted a USPS Change of Address form changing the mailing address of UPS headquarters to his own apartment in Atlanta.  He even messed up the form, signing his own initials before scratching them out and replacing them with UPS. Nonetheless, the form was accepted and mail directed to UPS headquarters was delivered to his Chicago apartment for over two months in volumes requiring the mail carrier to leave a USPS bin outside his door to hold it all.  USPS only did something about the situation when UPS headquarters informed the U.S. Postal Inspection Service (the law enforcement arm of USPS) of the issue.

The kicker? They found over 3,000 pieces of mail in his apartment addressed to USPS and he deposited at least 10 stolen checks totaling 58,000 USD.

If you think cybersecurity begins and ends with your company's computer systems, think again...

How pervasive is this threat? Well, USPS has received over 45,000 questions or complaints about suspicious change of address forms since January 2016.  Obviously, these requests don’t receive much scrutiny (no one thought it was suspicious that mail for a huge company located in Atlanta was being delivered to an apartment in Chicago?), so an attacker could easily change the address of your company or one of your customers or employees to gather sensitive information.

Consider even a change of address form and cyber security strategy in the same context of company and information protection. For large organizations or small, it’s important to consider every method that an attacker could use to steal sensitive data and take steps to monitor or prevent something like this from happening to your organization. So, what kinds of personal information do you send via mail to your clients and employees?

Don’t take our word for it? Check out this NPR article.

More from the Trenches!

Stay Smart on Security Scams With These Tips

Stay Smart on Security Scams With These Tips

Psst: CISOs and experts, this is one of our beginner-oriented articles! If you're looking for more advanced material, we recommend a dive into the...

3 min read

The 9 Golden Rules to Keep Your Passwords Safe and Secure

The 9 Golden Rules to Keep Your Passwords Safe and Secure

In our fast-paced digital world, where passwords guard everything from your bank account to your cat’s Instagram profile, ensuring their security is...

3 min read

Beyond Phishing: The Value of a Holistic Cyber Security Perspective

Beyond Phishing: The Value of a Holistic Cyber Security Perspective

What is the Value of a Holistic Cyber Security Perspective? Most cyber security products and training focus almost entirely on phishing attacks....

6 min read