How Old-School Mail Scams Are Still Stealing Your Money

In a world so full of digital online scams, it’s hard to remember that scammers abuse our postal mailing systems as well.

Scams are as old as humanity. And most of the scams we see today on the internet have been occurring for decades or even centuries before the internet was the internet. Nigerian scams have been documented back to the 1700s.

Back in the late 1980s, when I went to the local hardware store to get something, my wife received a call that indicated that I had been kidnapped and was being tortured. They asked for a ransom. I returned home 30 minutes later to a sobbing wife that was very happy to see me in regular condition. We called the police. They said that type of scam had been going on for decades. So, when I hear about today’s AI-enabled deepfake fraudulent kidnapping scams, I know they are not new. Only the medium has changed.

Recently, the postal mail advertisement below was posted to my local Nextdoor page as a community warning.

It’s not as devious as some advertisements I’ve seen, but it follows a familiar pattern where the advertisement is made to look like an official government form, even though it has “Not affiliated with or endorsed by any government agency” in a tiny font.

The advertiser knows that some non-minor percentage of recipients will see the form and get tricked into thinking it is from the government or from some government-related agency. Here’s a U.S. Postal Service page discussing government-look-alike mail scams.

My wife, who is nearing retirement age a little bit before me, gets a handful of Medicare-looking advertisements a day. Most are regular-looking commercial Medicare supplement advertisements, some are from the U.S. government, and a bunch are intentionally created to look like they came from the U.S. government (which is not known for making beautiful-looking advertisements).

Is it intentionally misleading advertising or just an outright criminal scam attempt? The lines are blurred. But by including a sentence or two in tiny fonts, it’s all legal.

Some mailings are just out-and-out fraud. There are no warnings in tiny fonts. Just a scam from beginning to end.

They arrive pretending to be awarded checks and refunds that you need to deposit in your bank account. But first, they will need your financial information and a small fee to begin the process.

I’ve seen phony bills, fraudulent hospital collection services, offers to put your name in phony Who’s Who for a fee, fake Do Not Call registries, and many more. There are scammers who mail people Amazon items that the recipient did not order. The hope is often that the recipient opens the package and is tricked or incentivized to pay for it. Usually, the item sent is vastly overpriced.

Or the “shipper”, when contacted by the recipient, pretends to apologize, and says they will send a check to the recipient to cover the cost of shipping the received item back. They usually tell the recipient that they will give them a small “reward” (e.g., $100) for the time and trouble it takes the recipient to send the item back. But when the check arrives, it’s for many thousands of dollars.

The recipient calls about the larger-than-expected check, and the scammer tells the recipient to cash the check, keeping a larger amount of money (say $1000) for themselves and to forward the larger remainder to some third party. What is happening instead is that the recipient is depositing the fraudulent check that will later bounce, and the recipient will have to repay the bank for the money sent to the third party.

And even stranger, but a popular mail fraud scam, is called “brushing.” With this scam, the recipient receives an unwanted mail parcel (often from Amazon). The user has no way of knowing who sent it or why. But by not returning it (say, using Amazon’s unwanted package return form), the scammer can use the receipt of the item to post a fake positive review in the recipient’s name. What weird scams scammers will do!

We recently posted on a similar brushing scam that used QR codes: https://blog.knowbe4.com/fbi-report-attackers-are-sending-physical-packages-with-malicious-qr-codes.

The U.S. Postal Inspection Service lists these main types of mail fraud:

Elderly Fraud
Fraud Against Veterans
Fake Sweepstakes and Lotteries
Employment Fraud
Telemarketing Fraud
Financial Fraud
Usually Low Pricing Fraud
Payment for Free Services
Phony Registration Services

There are plenty of snail mail scams. So, while we are warning ourselves, family, friends and co-workers about the plethora of online scams, we need to educate about mail fraud as well.

And just as I teach about online scams, if I only had 20 seconds to teach someone about how to best avoid online scams, the advice below in graphical form applies to all fraud, online or otherwise.

If you receive a message, mailing, or package that you weren’t expecting and it is asking you to perform an action you’ve never done before, it’s best to research it using another trusted method (don’t rely on any information sent to you in the message or package) before performing the request action.