Cybercriminals have developed a method to exploit postal services by using unoccupied properties as “drop addresses” to intercept mail and commit fraud. This tactic, highlighted by Flare’s research, demonstrates how threat actors manipulate property vacancies and fake identities to carry out postal fraud at scale. The scheme takes advantage of gaps in both postal infrastructure and identity verification systems, making it difficult for authorities to detect or disrupt.
The Tactics Behind Exploiting Vacant Properties
Threat actors identify and target vacant homes, using them as collection points for intercepted mail. By operating out of unoccupied properties, they conduct fraudulent activities with minimal visibility. The unoccupied nature of these homes provides built-in cover, as there are no residents to flag suspicious deliveries or report unusual postal activity to authorities.
Beyond physical access to empty properties, cybercriminals rely heavily on fake identities to manipulate postal services and divert mail away from its intended recipients. These fictitious profiles are used to reroute deliveries, register false forwarding addresses, and intercept sensitive correspondence without raising immediate red flags. The use of fabricated identities further complicates efforts by law enforcement and postal services to trace activity back to those responsible.
What Flare’s Research Reveals About This Fraud Method
Flare’s findings break down the mechanics of how threat actors turn postal services into a fraud vector. The process typically follows a clear sequence of steps that allow criminals to operate with a degree of structure and consistency:
- Identify Vacant Properties : Locate unoccupied homes that can serve as drop addresses for intercepted mail.
- Fabricate Identities : Build fictitious profiles capable of manipulating mail routing and receiving diverted deliveries without suspicion.
- Exploit Postal Mechanisms : Use existing postal infrastructure to redirect or collect mail while avoiding detection by services or recipients.
This method allows for the collection of valuable documents, financial statements, government correspondence, and other sensitive information that can be used in downstream fraud schemes, including identity theft and financial crime.
Why Postal and Identity Security Systems Fall Short
This form of fraud presents real challenges for both postal services and identity protection frameworks. Standard security measures are often not built to detect the kind of low-profile, distributed activity that characterizes this threat. Because the schemes rely on real addresses and plausible-looking identities, automated screening tools may not flag anything unusual until significant damage has already occurred.
As criminals continue to refine these tactics, detection capabilities and awareness among postal operators, financial institutions, and consumers will need to keep pace. Flare’s research serves as a pointed reminder that fraud does not always originate from behind a screen — sometimes it starts at the mailbox.
