As a privacy advocate I am constantly surprised at the number of people who freely give out their home address without a second thought. It shocks me endlessly that people will give over their actual, physical home address in exchange for slight discounts on groceries, when creating accounts for online services of all types, to have a miniscule chance of winning a new car, etc. I would never dream of giving out my true home address for any of these reasons, and I always take pains to avoid it for reasons that are much more serious than these.
Regardless of this and the fact that much of we all still need to receive mail. Receiving this mail at home opens you up to a number of vulnerabilities including:
Mail Theft: Mail theft still happens and it recently happened to one of my clients. Some of her checks were stolen and forged for cash. To conceal the crime the thief (who knew where she lived because her address was on her checks) stole her bank statements from her mailbox. She did not know she had been the victim of a crime for several months. I am continually surprised at the vast numbers of people who are content to let bank statements, pre-approved credit card offers, utility bills, and other very sensitive items be left in an unsecured mailbox for hours or days at a time. The theft of such personal information could lead to identity theft, credit fraud, and other crimes.
Much of this threat can be alleviated by going paperless where possible. Just ensure that you are securing your online accounts with unpredictable usernames, good, strong passwords, and two-factor authentication.
Social Engineering: A quick glance at mere junk mail from your mailbox can reveal your name and the names of your family members and roommates. This information can be used to launch a social engineering attack against you. How would you react if someone appeared at your door and seemed to know the names of all the members of the household? An attacker could use this information to convince you (or your children) that he or she is a trusted figure. This information could be used in a variety of imaginative ways to manipulate you or your family.
Data Marketing: Though the threats of mail theft and social engineering are relatively rare ones, the possibility of your name being associated to your home address through the mail you receive is all but guaranteed. When you order a package from an online retailer your name and address is added to their database and will eventually be sold to data marketers. Then Fedex, UPS, and yes, even the US Postal Service will collect this same name and address data and sell it to data marketers yet again. The end result of this, in addition to tons of junk mail, is that your home address and name are in numerous databases, many of which are available on open-source internet sites.
Using a post office box or commercial mail receiving agency (CMRA)(such as Fedex or UPS stores) you can be reasonably assured that your mail is secure. It is stored behind lock and key until you come get it, and many such facilities have security cameras. This does not mean that a very determined adversary could not access it, but it is still much safer than it is in an open mailbox on your street.
There are some additional benefits to using a CMRA that are not offered by the U.S. Postal Service, and CMRAs are subject to the same strict security standards as the U.S. Postal Service. For example, they cannot give your mail to anyone who has not been added to the mailbox and who does not present a photo ID.
Package Delivery: If you are expecting a package it is much a CMRA it can be received and held by a CMRA. In contrast Fedex and UPS will not deliver to Post Office boxes. If a signature is required for the package a representative from the store will sign for it, as well, preventing you from missing an important delivery, and preventing packages from sitting unattended on you front porch.
Street Address: Rather than having to give out a P.O. Box, with a CMRA you will be given a street address and box number. Though you cannot use a CMRA as your home address for official records like drivers’ licenses (because they are flagged as commercial facilities), you can give this address out to many parties without it being obvious it is a mail receiving agency. You can further obscure the nature of your address by adding “Apt” or “Suite” in front of the box number; you mail will still find you, but the address will appear to be a residential or business address.
Using a P.O. Box or a CMRA will make you neither invisible nor anonymous. But if you have taken steps to obscure you home address to prevent identity theft, stalking, or other threats against you, using one will help prevent your name from being associated with your physical location. You can make this pay off even more by getting a mailbox in another city or town. For example, when I had a “normal” job and commuted, my CMRA mailbox was in the town in which I worked, which was roughly 30 miles from my home. I created quite a trail of information to that mailbox, but it was far enough away from my home that I didn’t lose any sleep over it.