USPS elocks on cluster mailboxes (and more)

From discussions I've had with other HOAs it appears that mail theft is a real and growing problem. We've reported per procedure to our PO, inspector and to our police department and that went no where.

We're pretty certain that the master key (arrow key) to our four clusters (CBUs) is "out in the wild" and after reading through audit reports (22-178-R23, 19-033-R20 and 24-089-R25) from the Inspector General we've come to the following conclusions:

1. As there's no physical damage to our 4 CBUs and based on the findings in the audit reports referenced above, we feel certain the arrow key has been stolen or lost.
2. And based on discussions with our PO and on findings in audit report 24-089-R25, it seems pretty clear that elocks are nowhere in the near future.
3. With the arrow key in the wild, it makes very little sense to replace our CBUs with new ones.
3. And even if our PO re-keyed our locks tomorrow, with the lack of effective key management controls, that might be a short lived solution.

So we've taken the following steps:

Our board has made this a priority
Our members have been notified of the situation.
Notices of electronic surveillance have been posted on our CBUs.
We're considering implementing other detective and preventative controls.
We have ongoing contact with our PO and inspector.
Periodic notifications are sent out to our membership. Currently only via email and hard copy postings on our CBUs.
We've scheduled a membership meeting to discuss our approach and options.
We've made the following recommendations to our members for them to consider
a. Retrieve your mail promptly. When you do, inspect the CBU looking for tampering. Report it if you see something.
b. Signup for Informed Delivery to receive daily emails showing the items you’ll receive in the mail that day.
c. Put a hold on your mail if you’re going to be out of town.
d. Wherever possible, stop receiving checks in the mail. Have the funds automatically deposited to your accounts.
e. Wherever possible, stop receiving hard copy invoices/bills/statements. Instead, have your service providers email these to you.
f. Stop mailing checks. Enable autopay or use bill pay whenever possible.
g. If you must mail a check, mail it from the UPS store or some like location.
h. Setup transaction notifications on your accounts so you’re notified via txt or email when selected transactions are made against your accounts or against your credit cards.
i. Monitor your credit reports and receive notifications whenever a change to your credit rating occurs.

My questions is:

What other recommendations and steps should we be taking?

Thanks,

Jeff

Perfect, exactly what I was looking for....thanks for your reply!

Just happened to us twice and we had to buy new boxes…they were not insured. Make sure your mailboxes are insured.

Adding to what Tim said, you should assume that your data is going to be stolen eventually and you should take steps to lock down as much as you can.

* Try to avoid using snail mail for business. Leave the snail mail for greeting cards and junk mail.

* Freeze your credit even if you don't think you need to, and put a fraud alert on your accounts if you have evidence that suggests your information is being used by the bad guys. (I agree it's a pain because you have to remember to un-freeze your credit if you want to make a major purchase.)

* Use multi-factor authentication for any website that deals with your personal information. Also a pain, but worth it. Consider using biometric authentication (finger prints, etc.). Disclaimer: I haven't made up my mind about this yet. I assume that this info can also be stolen and faked, although it takes more effort on the part of the bad guys. Email addresses and passwords are easily changed, but they're also the low-hanging fruit and greatest point of vulnerability.

* If you have security software on your devices, you'll often receive newsletters from the companies that talk about the latest data breaches and scams. Read the newsletters - they have useful information.

For board members, here's yet another reason to encourage the membership to pay their assessments electronically.

Also, if your state laws allow you to communicate essential information via email (eg. annual meeting notices), consider doing so. Some things such as collection or foreclosure notices need to be handled via snail mail (return receipt requested), but keep in mind that proof of delivery may not mean that the recipient actually received the item.

Jeff,
The only warning I would give anyone who wants to Freeze Credit is it does have its problems. The codes that they give you at each website when the freeze takes place are very important. I froze mine over 15 years ago after a credit breach. I did not pay enough and quickly lost those security codes. I am not a guy who buys many things, but we did move from Ca. to Texas, and we just decided to put out Home in my wife's name since her credit was not frozen. Not everyone can do that with housing prices and interest rates.

I do have peace of mind that no one can use or abuse my credit including me.

Yes, thanks for mentioning not posting mail to collection boxes. Collection boxes are apparently a more popular target than are CBUs. I'll add that to our list of recommendations.

About checks....I thought the same but unfortunately that's not the case in our HOA. Color me surprised!!!!

Thanks again for your reply.....much appreciated.

Not only that, the drive up boxes you see in strip mall parking lots or a street corner aren't monitored at all, and thieves have been known to fish envelopes out of them and take the ones that have checks in them.

Speaking of assorted theft, has anyone heard of folks getting deliveries from Amazon they didn't order? This happened to my sister and I've seen other people talk about it on the NextDoor website for my neighborhood. I did a Google search on the subject, and this came up:

"Brushing is a scheme to create fake sales and reviews for a product. It is generally carried out by sellers who want to increase sales using positive online reviews. Sellers will mail unordered items to individuals and use the recipients' names to post positive online reviews for the product.

Receiving unordered packages from Amazon means your information has been compromised. A third-party seller somehow acquired your name, shipping address and possibly your Amazon account information. Amazon provides a help page for victims of brushing scams"

Let's not forget about the "porch pirates" who don't really care if you have a video doorbell - when you order something, you can instruct the delivery person to put the package in an inconspicious area. There are even lockable boxes you can get where the package goes in, but only you have the key, combination, etc., to open it. I think they can also be weighted down so a thieft doesn't pick it up.