Can Mail Be a Cybersecurity Risk?

When people consider how to keep their information safe, they often focus on passwords, online accounts and keeping computers virus-free. However, one thing the world usually overlooks is mail. The letters and packages that arrive at their doorstep can be a problem for businesses and consumers.

Like email addresses, physical mail can have sensitive information that hackers can steal in ways people least expect. In a seemingly innocent attempt to gain personal information, the recipient could reveal their data, allowing for misuse and harm. 

Cyber attackers look for any opportunities to steal data, even through mail. If they can access it through this method, they can certainly use it for malicious purposes. That is why everyone needs to be careful with their mail. Just like how they protect their online accounts, they must keep their mailboxes safe, too.

Types of Cybersecurity Risks Associated With Mail

Hackers can steal information through mail in various ways. The most common methods include the following. 

Phishing via Snail Mail

Phishing through snail mail involves sending letters that appear to be from reputable sources, like banks or service providers. The fraudsters will send letters asking recipients to share sensitive information or send money. These letters can look incredibly authentic, making it challenging to spot the scam.

The FBI has even warned the public of an increase in technical support scammers in 2023. They pose as well-known companies, claiming fraudulent activity or that the victim is due a refund for a subscription service. Through persuasive communication, the victim will believe they must act to rectify these issues or claim their refunds. 

However, the twist in this scam is how the scammers instruct victims to send an “overpaid” refund back. They tell them to wrap the cash in a magazine for concealment and send it via a shipping company to an address the scammer provided. 

Malicious QR Codes or URLs

Scammers also steal personal information via mail by including QR codes or website links in a letter. Once the recipient scans the QR code or visits the URL, hackers can steal their personal information or infect their device with malware.

These websites often trick victims into entering login details, financial information or other sensitive data. With these sites looking authentic and convincing, it can be challenging for the user to detect the scam. Plus, the simplicity of scanning a code means people may let their guard down and not apply the same level of skepticism they have with an email. 


Warshipping is a clever method attackers use to breach security systems. This technique involves sending devices — like USB drives — embedded with malicious software to victims through postal services. The package often looks harmless and could even be mail that one is expecting to receive. As such, the recipient may be less wary of connecting the device to their computer.

USB drives can be dangerous because of their ease of use and universal compatibility. Most computers will recognize and run software from USB drives, making them the perfect carrier for malware. Once connected to a computer, the USB drive could establish a backdoor for attackers, allowing them prolonged access to the victim’s network.

Mitigation Strategies

While these cyber threats via mail are increasing, people can take several steps to guard themselves against the risks.

1. Use Digital Mail

Consider switching to digital mail, as it offers numerous advantages over traditional mail. Digital mail eliminates the risk of physical interception and speeds up communication. It also allows for easy tracking and organization of messages and reduces the environmental impact associated with paper mail. Digital mail does come with cyber risks, but you can protect it using encryption and secure online portals.

2. Always Be Skeptical

Being skeptical of incoming mail is a crucial defense against scams and phishing attempts. Always approach unsolicited mail with caution and question its authenticity before acting on its contents. Verify the sender using contact information obtained from official sources rather than the mail itself. This will protect against attempts to trick an individual into downloading malware or stealing personal information.

3. Use Secure Handling

Consider only opening mail from known senders and be wary of unexpected packages. For sensitive documents, use a locked mailbox or a postal service that requires a signature upon delivery to prevent theft. When disposing of mail containing sensitive information, use a shredder to avoid identity theft. 

Additionally, consider opting out of unsolicited mail through official registries to reduce exposure to scams. Taking these fraud prevention steps can enhance mail security, saving people over $12 billion in losses worldwide.

Safeguarding Information in the Age of Mail Threats

Though most consumers and businesses use email to communicate these days, receiving letters or packages in the mail remains prevalent. Being skeptical of any mail is essential, especially if it requests sensitive information. Awareness and proactive measures are key to avoiding cyber threats. With suspicion as the best defense, people can keep their information safe and prevent damage in the aftermath.

As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.