I'm not LE, but am just hoping to get some perspective from those who are. We recieved the letter in the pictures below yesterday. It was addressed to me by name and physical address which is a little concerning, and is offering to sell me various forms of drugs in exchange for bitcoin. My first instinct was to just chuck it, but it mentions that they sometimes mail random drug shipments to recipients of the letters who don't place an order. I'm guessing this sort of thing is fairly commonplace and I should just disregard. Am I wrong in that assumption, and is there any reason to be concerned by this, beyond the fact that some random scumbag has my name and home address?

31363
31364
31365
31366

No drug dealer is going to mail random drugs to someone’s house that haven’t been paid for.

No drug dealer is going to mail random drugs to someone’s house that haven’t been paid for.

...and they aren't offering to either. You pay with bitcoin and then they ship. At least per their instructions. I think they mean a bitcoin address could get mixed up and someone's paid delivery goes to someone else's residence. If it actually works as listed. Which I doubt, most likely just a scam.


I'm not LE, but am just hoping to get some perspective from those who are. We recieved the letter in the pictures below yesterday. It was addressed to me by name and physical address which is a little concerning, and is offering to sell me various forms of drugs in exchange for bitcoin. My first instinct was to just chuck it, but it mentions that they sometimes mail random drug shipments to recipients of the letters who don't place an order. I'm guessing this sort of thing is fairly commonplace and I should just disregard. Am I wrong in that assumption, and is there any reason to be concerned by this, beyond the fact that some random scumbag has my name and home address?

It's *probably* just a scam to milk you for bitcoins. You wouldn't be wrong to report it to local LE just in case, though.

Oh, and they don't understand "entrapment".

...and they aren't offering to either. You pay with bitcoin and then they ship. At least per their instructions. I think they mean a bitcoin address could get mixed up and someone's paid delivery goes to someone else's residence. If it actually works as listed. Which I doubt, most likely just a scam.

They do state that they do random shipments (whether they would is another story, I tend to agree with Caleb that no dealer is going to waste their product). It's buried somewhere on page three or four. I think, as you note, it's probably a scam, it just sketches me out that this person had my exact name and address. I ended up filing a report with the USPS inspectors. Should I do local LE as well, or should that cover it?

They do state that they do random shipments (whether they would is another story, I tend to agree with Caleb that no dealer is going to waste their product). It's buried somewhere on page three or four. I think, as you note, it's probably a scam, it just sketches me out that this person had my exact name and address. I ended up filing a report with the USPS inspectors. Should I do local LE as well, or should that cover it?

I think most people would be surprised how easy it is to find people’s addresses.

I think most people would be surprised how easy it is to find people’s addresses.

Google has my current address, place of employment, and my facebook profile picture. I don't use my real name on facebook:confused::mad:

Scary stuff.

I think most people would be surprised how easy it is to find people’s addresses.

Closest I could find is the city I live and where I work in about 5 minutes of googleing... That said, it looks like this may have been the result of a data breach at my work. A notice was sent out that other employees are recieving similar letters and emails.

They do state that they do random shipments (whether they would is another story, I tend to agree with Caleb that no dealer is going to waste their product). It's buried somewhere on page three or four.

Right. But it's like their "entrapment". What they present as a way to make any transaction safe by circumventing the legal system. Note that it's in their "note to law enforcement" section. Boiled down it reads:

"Dear cops, we sometimes ship drugs randomly so if this house ordered drugs you can't prove the person at the address ordered it vs us just shipping it randomly. Nyah-nyah-pbbbbtt."


It's a wink-wink-nudge-nudge thing to make you feel safe that even if your package is intercepted you won't be in legal trouble so you should feel safe and secure "ordering". Not a real (even if it's a totally legit offer vs a bitcoin scam) "random sample giveaway" thing.

You should be fine if you filed a report with the Postal Inspection Service. Unless the letter originated inyour jurisdiction, it is unlikelythe local agency would follow up on the matter.

So I'm guessing no PF group buy???.....:confused:

If you got the letter in the mail, it gets reported to the Postal Inspectors.

https://postalinspectors.uspis.gov/

I wouldn't waste my time reporting that crap, you have pictures, archive them somewhere, and chuck that crap in the trash where it belongs.

Part two of this is that you and you coworkers need to get together and crawl up someone ass(es) at work for not securing your information, and work needs to pay for credit monitoring for a reasonable time frame, at least the next 24 months.

SNIP....

and work needs to pay for credit monitoring for a reasonable time frame, at least the next 24 months.

Unfortunately the information is going to be out there forever. I have been the victim of several data breeches (1 Tricare, 1 Veterans Administration and 1 OPM breach). Using the information from the OPM breach and some phone spoofing services someone was able to social engineer a major bank for 15K+ from my account.

If you have had a security clearance since 1980 (I think) your data was compromised.

The credit monitoring services are good, but limited. The breach from OPM was in 2015.

If you are concerned about your information make sure you enable two step authentication for your bank and other major accounts.

Google has my current address, place of employment, and my facebook profile picture. I don't use my real name on facebook:confused::mad:

Scary stuff.

I'm going to danger that your real ID is connected to Facebook through whatever email or phone number you registered with. The "name" is just an online handle no different than a forum, and has very little to do with actually connecting the dots.

Beyond that, if you have any sort of cloud connection through Windows, Apple, Google, or whatever, that service is syncing and sharing your details through any connections as well.

I think it was Dave Chappele who said "is there anyone sitting around asking 'how I am I gonna sell all this crack?'"

Scary data breech. Looks like the scammer is trying to look credible via sheer wall of text and lots of details. That's quite a variety of chemicals on the sell list.

I think, as you note, it's probably a scam, it just sketches me out that this person had my exact name and address.

You've basically received the snail mail equivalent of a phishing attack. I've never actually seen this over snail mail, so that's interesting, but the scheme is a really common one.

You see personal information in phishing attacks all the time: name, address, phone number, account name, online handles, sometimes even passwords from previous data breaches where your password wasn't being stored securely. It's estimated there's between 2500 and 4000 (https://www.schneier.com/essays/archives/2018/03/its_not_just_faceboo.html) data brokers (e.g., entities that buy/sell your personal information) in the US alone, so there's zero surprise in the fact someone has your name and address. It's unlikely they're targeting you specifically: what you got is probably just a form letter they auto-filled, printed, and then mailed out in-bulk to everyone in the data set they had on hand.

Unless a person has taken specific (and extensive) precautions against their personal info being leaked, the Internet knows everything about them. You just have to know how/where to look to find it.