Mail Theft and Identity Fraud: USPS Risks and Preventive Measures

Mail theft represents one of the most persistent physical vectors for identity fraud in the United States, sitting at the intersection of federal postal law, consumer protection regulation, and financial crime. The U.S. Postal Service processes approximately 127.3 billion pieces of mail annually (USPS Annual Report 2022), creating an extensive surface area for theft-based credential and account compromise. This page describes the structure of mail theft as an identity fraud mechanism, the regulatory framework governing it, and the classification boundaries that distinguish its major variants.

Definition and Scope

Mail theft is defined under 18 U.S.C. § 1708 as the taking, secreting, embezzling, or destruction of any mail matter before delivery to the addressee. The statute covers letters, postcards, packages, and any article contained therein. Violations carry federal penalties of up to five years imprisonment per offense.

As an identity fraud vector, mail theft is classified by the Federal Trade Commission within the broader taxonomy of identity theft report types, distinguishing it from purely digital credential theft. The scope encompasses physical interception of documents containing personally identifiable information (PII) — including Social Security numbers, account numbers, date of birth, and government-issued identification — as well as the downstream fraud enabled by that interception.

Mail theft-based identity fraud intersects with the service landscape documented in the Identity Theft Providers section of this resource, covering both individual consumer exposure and institutional liability. The U.S. Postal Inspection Service (USPIS), the law enforcement arm of USPS, holds primary federal jurisdiction over mail theft investigations.

How It Works

Mail theft-to-fraud follows a structured sequence with identifiable phases:

1. Interception — Physical mail is stolen from residential mailboxes, cluster box units (CBUs), blue collection boxes, postal vehicles, or postal facilities. USPIS has documented organized theft rings targeting arrow keys — master keys granting access to CBUs and collection boxes — as a primary escalation method.

2. Document harvesting — Stolen mail is sorted for high-value items: pre-approved credit card offers, financial statements, tax documents (W-2s, 1099s), government benefit notices, checks, and new debit or credit cards.

3. Check washing — A specific chemical process in which ink is removed from legitimate checks using acetone or other solvents, allowing the payee and amount to be altered. The Financial Crimes Enforcement Network (FinCEN) has issued advisories on check washing as a component of mail fraud schemes.

4. Account takeover or new account fraud — Using harvested PII, perpetrators either take over existing financial accounts by updating contact information or open new lines of credit. New account fraud and account takeover are classified separately in FTC taxonomy because they carry different detection timelines and remediation paths.

5. Monetization — Fraudulent checks are negotiated, new credit lines are drawn down, or stolen identity credentials are sold on secondary markets.

Common Scenarios

Mail theft identity fraud manifests across four primary scenario types:

Residential box theft — The most frequent scenario, targeting standard curbside or apartment mailboxes with no locking mechanism. Government benefit checks, tax refund checks, and new payment cards are primary targets.

Change-of-address fraud — Perpetrators submit fraudulent USPS change-of-address (COA) forms to redirect a victim's mail to a controlled location. USPS requires identity verification for COA submissions, but exploitation of weak verification steps has been documented in USPIS case filings. This scenario is distinct from direct physical theft because no mailbox is accessed — the mail stream itself is hijacked upstream.

Internal postal theft — USPIS investigations include cases involving postal employees intercepting high-value mail items. These cases are prosecuted under 18 U.S.C. § 1709, which applies specifically to postal employees and carries the same five-year penalty ceiling as § 1708.

Package and parcel interception — With the growth of e-commerce, parcel theft (colloquially "porch piracy") has expanded as a vector. While porch theft does not typically yield identity-relevant documents, intercepted packages containing replacement payment cards, medical devices linked to account numbers, or government correspondence do create identity exposure.

The distinction between change-of-address fraud and direct box theft is operationally significant: COA fraud can redirect mail for weeks before detection, whereas box theft is typically a single-event interception.

Decision Boundaries

Determining the applicable regulatory and remediation framework depends on several classification criteria:

• Federal vs. state jurisdiction: Mail theft is a federal offense under USPIS authority. State law may separately address identity theft, fraud, and check forgery — creating parallel prosecutorial tracks. The identity-theft-provider network-purpose-and-scope page describes how jurisdictional overlap is structured across the service sector.

• Criminal vs. civil remediation: USPIS handles criminal investigation. Civil remediation — disputing fraudulent accounts, correcting credit reports — falls under the Fair Credit Reporting Act (15 U.S.C. § 1681) and involves the three major credit reporting agencies, not USPIS.

• Check fraud vs. account takeover: Check washing falls under bank fraud statutes (18 U.S.C. § 1344) in addition to mail theft statutes. Account takeover enabled by stolen mail triggers additional obligations under the Gramm-Leach-Bliley Act for financial institutions.

• USPS Informed Delivery as a detection tool: USPS Informed Delivery provides digital previews of incoming letter-sized mail, allowing addressees to identify expected mail that does not arrive. USPIS also uses Informed Delivery enrollment anomalies — where a perpetrator enrolls a victim's address under a different account — as an investigative indicator. Researchers and service professionals can find provider-level resources through the how-to-use-this-identity-theft-resource reference structure.