Threat actors are abusing vacant residential properties, real estate listings, postal services, and weak identity verification to intercept and redirect mail for identity theft and financial fraud. Flare analysts observed tutorials on Telegram and dark web forums showing how to find "drop" addresses, use services like Informed Delivery and Change of Address, and set up persistent mail forwarding with fake identities to scale low-tech, hard-to-detect fraud operations. #InformedDelivery #USPS
Key points
- Attackers identify vacant "drop" addresses via real estate platforms such as Zillow, Rightmove, and Zoopla.
- Legitimate postal services like Informed Delivery and Change of Address are used to discover and monitor incoming mail.
- Fake identities, forged documents, and purchased personal data enable mailbox registrations and forwarding requests.
- Operations blend OSINT, postal logistics, and recruited individuals to create scalable, persistent fraud workflows.
- Detecting this abuse requires correlating address usage, mail-forwarding activity, and identity inconsistencies beyond traditional cybersecurity controls.
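
The correlation described in the last key point can be sketched from the defender's side, for example by a fraud team at a bank or card issuer. This is an added example, not code from Flare or from the original article; the event fields, the thresholds, and the `VACANT_LISTINGS` feed are assumptions, and all sample records are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample events: (account, holder name, event type, address, date).
EVENTS = [
    ("A1", "Dana Reyes", "address_change", "12 Elm St, Unit 4", date(2024, 3, 1)),
    ("A1", "Dana Reyes", "card_reissue", "12 Elm St, Unit 4", date(2024, 3, 5)),
    ("A2", "Omar Haddad", "address_change", "12 ELM ST UNIT 4", date(2024, 3, 2)),
    ("A3", "Li Na Chen", "new_account", "12 elm st., unit 4", date(2024, 3, 9)),
    ("A4", "Sam Ortiz", "address_change", "77 Oak Ave", date(2024, 1, 10)),
    ("A4", "Sam Ortiz", "card_reissue", "77 Oak Ave", date(2024, 6, 20)),
]
# Hypothetical feed of addresses currently listed as vacant or for sale.
VACANT_LISTINGS = {"12 elm st unit 4"}

def normalize(address):
    """Lowercase, drop punctuation, collapse whitespace so variants match."""
    kept = "".join(c if c.isalnum() or c.isspace() else " " for c in address.lower())
    return " ".join(kept.split())

def score_addresses(events, vacant, fan_in=3, window=timedelta(days=14)):
    """Return {normalized address: sorted list of signals that fired}."""
    holders = defaultdict(set)   # address -> distinct holder names seen there
    changes = defaultdict(list)  # (account, address) -> address-change dates
    signals = defaultdict(set)
    for account, name, kind, address, day in sorted(events, key=lambda e: e[4]):
        addr = normalize(address)
        holders[addr].add(name.lower())
        if kind == "address_change":
            changes[(account, addr)].append(day)
        elif kind == "card_reissue":
            # Mail-dependent request shortly after the account moved here.
            moved = changes[(account, addr)]
            if any(timedelta(0) <= day - c <= window for c in moved):
                signals[addr].add("reissue_after_move")
    for addr, names in holders.items():
        if len(names) >= fan_in:  # many unrelated identities at one address
            signals[addr].add("identity_fan_in")
        if addr in vacant:        # address also appears on the listing feed
            signals[addr].add("vacant_listing")
    return {addr: sorted(s) for addr, s in signals.items()}

if __name__ == "__main__":
    for addr, fired in score_addresses(EVENTS, VACANT_LISTINGS).items():
        print(addr, fired)
```

No single signal is conclusive on its own (shared housing and ordinary moves trigger them too), so the output is best used to rank addresses for review.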