Sometime in November, someone walked into a U.S. post office and filled out a change of address form, just as tens of millions do each year to route their mail to a new address. The person signed the form, handed it in, and walked out. That was enough to set in motion a domino effect that upended the life of a former Microsoft executive several states away, as the person who signed the form effectively hijacked the executive’s home address in just a few minutes.
The fraud relies on a simple flaw in how the U.S. Postal Service processes changes of address. It’s neither new nor a particularly sophisticated technique, and has long been known to fraudsters and federal investigators. A fraudulently filed change of address form can have lasting fallout for the thousands of individuals whose mail is hijacked and rerouted every year, with criminals able to obtain bills, credit cards, and other sensitive information that can be used to raid bank accounts or make fraudulent purchase...