ID Theft Resources

Share Article
11 January, 2024
|
6 min read

That misdelivered email or letter could come back to bite you

BC

Brenna Cleary

Principal social media marketing manager; security and privacy advocate

+ More
Person sitting at a desk looking at three screens – laptop, mobile phone, and tablet.

Misdelivered mail or email can be the result of an innocent mistake. But before you trash it, shred it, or return to sender, take a closer look. It could be a sign that you’re being scammed or targeted for identity theft. 

If you’re one of the more than 38,000 Americans to have the name James Smith, it figures that you might get more than your fair share of mail or email that was actually intended for someone else. Same if you’re one of the more than 32,000 Maria Garcias. But even if you don’t possess one of the most common names in the United States, chances are you get an occasional email or printed letter that, for one reason or another, is misdelivered.

Emails ending up in the wrong inbox, just like snail mail ending up in the wrong mailbox, can be the result of an innocent mistake—a simple misspelling of a recipient’s name or address, for example. Nonetheless, such misdirected missives can and often do lead to serious data breaches, especially when an email or attachment shares sensitive information.

But what if you receive an email or letter that only seems to be misdelivered? Don’t be so quick to delete or toss these in the trash. They could be a red flag that someone is running a scam and either has you in their sights, or worse, already has you in their net.

The many faces of email or mail fraud

Those apparently misdelivered emails or letters can mask a variety of scams. One such scam is when an email congratulates you for signing up for a website is actually from a scammer signing you up for services they’re receiving through your name (or hiding their own activity). An email from your water, gas, or cable company warning you of non-payment for services for a physical address you don’t occupy might not be a mistake, but utility fraud. That’s when a fraudster uses your name or identity to order utility services with no intention of paying for them.

Likewise, a letter that comes to your physical mailing address could be a case of address fraud where a scammer is using your address to facilitate illegal activities such as obtaining credit, goods, or services under false pretenses. This could also involve any case of fraud that depends on a fake address, such as opening a bank account or trying to enroll a child in a different school.

More ominously, a letter that comes to your address in someone else’s name may also be a sign you’re caught up in synthetic identity theft—a type of identity theft in which a thief mixes real and fake information to create fake identities. With this type of fraud, the thief may steal your legitimate address and combine it with falsified personally identifiable information, such as a fake name or date of birth, to create an entirely new identity. That letter in your mailbox could be from a creditor who is trying to reach the thief, and your home address is mingled with information the identity thief has cobbled together.

Workplace email scams

Your work email account could also be subject to scams. For example, a type of attack known as Business Communication Compromise (BCC) or Business Email Compromise (BEC) typically involves fake communications from colleagues or business partners. Oftentimes, the malicious party launching the attack impersonates someone with decision-making authority who can authorize a financial transaction, provide system access, or release sensitive data

Using phishing or social engineering techniques, BCC or BEC attacks lead to unauthorized financial transactions and significant data breaches that can in turn open a direct pathway to identity theft. This type of attack is on the rise and has evolved to target both large corporations, small businesses, and personal transactions. According to an FBI announcement this past June, BEC attacks led to $51 billion in exposed losses (defined as actual and attempted losses) between 2013 and 2022.

And in 2024, BCC or BEC attacks are expected to grow in sophistication as fraudsters use new AI technology to create deepfakes, resulting in increased financial fraud and data breaches.

What to do about misdelivered mail

Keep an eye out for signs of identity theft, such as bills for items you did not buy or for accounts you did not open, information on your credit report for accounts you did not open, and denials of loan applications. Also watch for mail that stops coming to your mailbox or is missing from it.

Other preventative steps you can take include the following:

  • Don’t answer email from people you do not know.
  • Don’t share personal information like your bank account number, Social Security number, or date of birth.
  • Collect your mail daily and place a hold on it when you will be on vacation or away from home. 
  • Review credit card and bank account statements for unauthorized or suspicious transactions, and report these if you find them.
  • Stay vigilant about unsolicited communications, especially those containing abnormal or unusual requests. Always verify the authenticity of unexpected communication requests through multiple channels.
  • Look out for errors in spelling or grammatical oddities, and especially for errors in the format or spelling of an email sender’s address. Hackers often craft emails that look legitimate but that, on closer inspection, might be missing letters, use a dash instead of an underscore, or substitute special characters that closely resemble letters of the alphabet, and so on.

For additional identity theft protection, consider services like LifeLock Standard that can help closely monitor your identity. From patrolling the dark web for your personal information to alerting you whenever we detect fraudulent use of your SSN or other personally identifiable information, LifeLock can provide you with peace of mind.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Dropbox Not Hacked, But Your Account May Have Been Compromised
Dropbox said no breach had happened on its servers. “Your stuff is safe. The usernames and passwords…were stolen from unrelated services, not Dropbox.
Read More
Can Your Identity Be Stolen With Only a Name and Address?
Stay informed about the latest identity theft news and stories about what law enforcement and elected officials are doing to protect consumers from becoming victims.
Read More
Child Identity Theft by a Parent: What You Need to Know
Stay informed about the latest identity theft news and stories about what law enforcement and elected officials are doing to protect consumers from becoming victims.
Read More
Debit vs. Credit Card ID Theft
Most credit card companies allow 90 days for a victim to report an unauthorized transaction, while banks generally require a two-day notice for unauthorized debit card purchases.
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more

Sign up for promotional emails