Email and Phone Number on Packages

Telephone number is very useful for deliveries. I've had delivery people call me because the mailing/shipping label was damaged in transit and they couldn't make out the exact address (maybe they could see the street, but not the house number, etc.), but because they could read the phone number, they called me to ask my address.

dxbender wrote: ↑ Something I've noticed for a while now that I decided to post about.

Why do some packages (not singling out a retailer as many do this) come with your email and/or phone number on the shipping label?

Maybe it's just me, but I dont like when I get a package only to see my email and phone number right on that same label too. I know when ordering you do have to provide both, but the name and address should be all that's on the label.

Just seems like invasion of privacy where someone can get a hold of your name, address, email AND phone number so easily like that. Yes I know the internet itself isn't safe either, but complete strangers can see all that info right on the shipping label itself.

Your name, address and phone number were available to everyone when phone books were still printed. I guess they can spam you with your email address.

tew wrote: ↑ Your name, address and phone number were available to everyone when phone books were still printed.

Phone books still are printed, but "most" people have unpublished phone numbers these days, and Bell only delivers the printed books to those who opt-in. Here's the 2020 residential white pages directory for the OP's location: https://edirectories.yp.ca/Mississauga- ... al-2021/C/#

I like when shipping labels have my phone number on it. For some odd reason drivers have a hard time finding my residence so they'll sometimes call me asking for directions or telling me they've parked next door.

jm1 wrote: ↑ Telephone number is very useful for deliveries. I've had delivery people call me because the mailing/shipping label was damaged in transit and they couldn't make out the exact address (maybe they could see the street, but not the house number, etc.), but because they could read the phone number, they called me to ask my address.

Also phone numbers are useful when:
1. The driver can't find the address on the parcel because it's either wrong or ambiguous, e.g. the address reads 123 Main but there's a Main St, a Main Ave and a Main Dr in the community.
2. The package gets delivered to the wrong address, perhaps because of 1. or simply the driver made an error.

I've had drivers call me to ask for clarification on how to find me because of the first point. I've also called people whose packages were misdelivered to me to ask them to pick their parcels up.

As others have said, this is all public information that can be obtained online. Spammers and others with bad intent can obtain names, addresses, phone numbers, email addresses (and often much more!) in bulk, either for free or at very low cost. Getting this data off individual packages would be a very inefficient way to do it.

I agree that the phone number has a potential purpose.
There is no reason for an email address to be on the label, but considering the limited exposure (shipper/delivery), I don't get too worked up about it.

What hasn't been mention though is after delivery.
Probably most put the boxes into recycling.
I always remove or obscure that type of info first.

arisk wrote: ↑What hasn't been mention though is after delivery.
Probably most put the boxes into recycling.
I always remove or obscure that type of info first.

Again, who cares? No one is going to collect cardboard boxes set out for recycling in order to "steal" this sort of information. Same goes with the name/address labels from junk mail. There are far easier ways to obtain this information in bulk. And if someone is targeting you specifically (e.g. for identity theft) they could steal this stuff out of your mail box or off your front porch, etc. before you even get it.

There's no harm in removing/obscuring that sort of stuff it if makes one feel better. All I'm suggesting is that it really doesn't matter.

dxbender wrote: ↑ Just seems like invasion of privacy where someone can get a hold of your name, address, email AND phone number so easily like that. Yes I know the internet itself isn't safe either, but complete strangers can see all that info right on the shipping label itself.

You mean the people who deliver your package? I highly doubt the UPS warehouse workers or drivers are harvesting email addresses and phone numbers while they work. Not enough time for that.

bylo wrote: ↑ Again, who cares? No one is going to collect cardboard boxes set out for recycling in order to "steal" this sort of information. Same goes with the name/address labels from junk mail. There are far easier ways to obtain this information in bulk. And if someone is targeting you specifically (e.g. for identity theft) they could steal this stuff out of your mail box or off your front porch, etc. before you even get it.

There's no harm in removing/obscuring that sort of stuff it if makes one feel better. All I'm suggesting is that it really doesn't matter.

The "who cares" attitude is often an entry point for security breaches.
There have been cases where people do actually go through garbage looking for info.
Sure, the odds are low, but exercise control where you can, and don't make it easier.
The life of that label doesn't end at the curb either.
I think I can assume you don't own or use a paper shredder either.

PointsHubby wrote: ↑ This

It’s important HOW you recycle your personal info.

Labels should be removed from packaging & destroyed (ie cut them up)

Packing Receipts ... should be retained or scanned (alongside your original order info)
Otherwise, the originals once they’ve served their purpose should be shredded

I always peel labels off and rip them up into a million little pieces. I also keep a permanent marker handy to black out labels that I can't easily peel off (such as those on plastic medication bottles).

Op. No offense but if this is such a problem, all you have to do is take the shipping sticker off and cut it up into tiny peices. This is what i do for all my mail. It's not that big of a problem or an issue.

arisk wrote: ↑ The "who cares" attitude is often an entry point for security breaches.
There have been cases where people do actually go through garbage looking for info.
Sure, the odds are low, but exercise control where you can, and don't make it easier.

Perhaps "who cares" is too dismissive, although that's how I actually feel about name, address, telephone number and email address. If anything, obsessing over this stuff may lead people into a false sense of security. That said, I do care--a lot--about more sensitive, personal information like SINs, account numbers, PINs, passwords, even the labels on prescription bottles, etc. and I do make extensive efforts to secure/destroy them.

I'd be grateful if someone could explain how name, address, telephone number and email address alone--which is what this thread is about--can be [ab]used profitably by others. As has already been pointed out, all of this data is readily available in bulk to anyone who wants it. If someone wants to try to use those four data items to try to "social engineer" your accounts, they can get that data without having to rummage through any garbage cans or recycling bins.

Of course there are people who go through other peoples' garbage. But AFAIK they're looking for things like statements and invoices that contain much more personal information such as I listed above that can be used to commit fraud.

I think I can assume you don't own or use a paper shredder either.

You would be very wrong, not only on our use of shredders but also the number(*) we have. I make a lot of use of a shredder to destroy the stuff that can be used by bad actors to commit fraud against me and my family. That includes stuff like statements, invoices, tax returns, account applications, etc. Any such paper that needs to be kept is first scanned to PDF then stored on encrypted media so that even if someone hacks my computer, steals my storage drives or accesses my cloud accounts they can't use any of the personal data they may find.

But hey, if you feel more secure by peeling off address labels and shredding them, then go for it. Just don't let that lull you into a false sense of security or worse, neglect worrying about securing the data that could actually be used nefariously to harm you.

(*) For the record there are four paper shredders in this two-person household, all cross-cut. But that's a long story and I won't digress...

PointsHubby wrote: ↑
This

It’s important HOW you recycle your personal info.

Labels should be removed from packaging & destroyed (ie cut them up)

Packing Receipts ... should be retained or scanned (alongside your original order info)
Otherwise, the originals once they’ve served their purpose should be shredded

arisk wrote: ↑ The "who cares" attitude is often an entry point for security breaches.
There have been cases where people do actually go through garbage looking for info.
Sure, the odds are low, but exercise control where you can, and don't make it easier.
The life of that label doesn't end at the curb either.
I think I can assume you don't own or use a paper shredder either.

I do actually shred up any label with a name / address on it. But you have to realise, shredder manuals typically tell you not to put anything sticky or with glue into them. So I normally just chop up the labels really finely with scissors. Has anyone actually had a problem with accumulated glue from packing stickers gumming up their shredder?

Actually I am really careful about this - the wrappings / labels for medications and stuff do not go into my garbage. Even blister packs, I keep the backings and throw them in various trash bins like in the grocery store, etc. You never know who will find that stuff.

bylo wrote: ↑ I'd be grateful if someone could explain how name, address, telephone number and email address alone--which is what this thread is about--can be [ab]used profitably by others. As has already been pointed out, all of this data is readily available in bulk to anyone who wants it. If someone wants to try to use those four data items to try to "social engineer" your accounts, they can get that data without having to rummage through any garbage cans or recycling bins.

This is an old example, but consider the Epic Hacking of Mat Honan.

All the crooks needed was his home address and e-mail. They used that with some clever social engineering to hack into his Amazon account. And using the info from his Amazon account, they got into his Apple ID account. And from there they stole his Gmail and other accounts, and tried to fully erase his synced Apple laptop and phone.

Now these companies have admittedly tightened up security somewhat and 2FA is more prevalent than ever.

But all it takes is 1 company somewhere with a weak CS representative or weak security. And that chink in the armour will allow criminals to find a way to get more of your information, which could allow them to unlock even more accounts.

Jucius Maximus wrote: ↑So I normally just chop up the labels really finely with scissors. Has anyone actually had a problem with accumulated glue from packing stickers gumming up their shredder?

I just stick labels to another piece of paper. I suppose glue could get on the blades but it's never been a problem and I only shred the few labels that have sensitive information on them (e.g. Rx labels), not every label from every box. I also lubricate the blades regularly with ordinary machine oil to keep everything running smoothly.

Actually I am really careful about this - the wrappings / labels for medications and stuff do not go into my garbage. Even blister packs, I keep the backings and throw them in various trash bins like in the grocery store, etc. You never know who will find that stuff.

I wonder how many people chuck the cardboard boxes the blister packs come in and/or the preprinted patient information sheets inside the boxes into the garbage. That stuff doesn't carry any personal information but it does indicate that someone in your household is on that medication.

This is an old example, but consider the Epic Hacking of Mat Honan.

All the crooks needed was his home address and e-mail. They used that with some clever social engineering to hack into his Amazon account. And using the info from his Amazon account, they got into his Apple ID account. And from there they stole his Gmail and other accounts, and tried to fully erase his synced Apple laptop and phone.

In that situation they were targeting an individual. If they didn't already have it they could probably have gotten his phone number and email by social engineering it out of him directly, then parlayed that into social engineering his Amazon account, etc.

Now these companies have admittedly tightened up security somewhat and 2FA is more prevalent than ever.

But all it takes is 1 company somewhere with a weak CS representative or weak security. And that chink in the armour will allow criminals to find a way to get more of your information, which could allow them to unlock even more accounts.

Put it another way, relying on keeping your phone number or email address a secret is a mug's game. Shredding labels and envelopes that contain this leads to a false sense of security.

If I wanted to get the email address of a particular person whose name (e.g. John Doe) and address I already have, I could probably social engineer it using a technique like this:
1. Drive by their place early on recycling day.
2. Note the empty cardboard boxes in their recycling. I'm not interested in the label; just who they buy stuff from, e.g. Amazon.
3. Contact Amazon customer service. Tell them I'm this John Doe and that I've been trying to buy something on amazon.ca. It seems I've forgotten my password. Now when I tried to enter my email address the system rejected it. I thought it was john.doe@gmail.com but it seems I must have registered by some other address.
4. Then I'd ask the CS agent for the email address I use to login to Amazon just so that I can request a password reset.
All this sounds like an innocent, legitimate request by an absent-minded customer. All the CS is divulging is the person's email address, i.e. no passwords, account numbers or other sensitive data. The person still needs to be able to login to this email address in order to get and use the password-reset email, so there's no security breach. Etc.

bylo wrote: ↑ Put it another way, relying on keeping your phone number or email address a secret is a mug's game. Shredding labels and envelopes that contain this leads to a false sense of security.

If I wanted to get the email address of a particular person whose name (e.g. John Doe) and address I already have, I could probably social engineer it using a technique like this:
1. Drive by their place early on recycling day.
2. Note the empty cardboard boxes in their recycling. I'm not interested in the label; just who they buy stuff from, e.g. Amazon.
3. Contact Amazon customer service. Tell them I'm this John Doe and that I've been trying to buy something on amazon.ca. It seems I've forgotten my password. Now when I tried to enter my email address the system rejected it. I thought it was john.doe@gmail.com but it seems I must have registered by some other address.
4. Then I'd ask the CS agent for the email address I use to login to Amazon just so that I can request a password reset.
All this sounds like an innocent, legitimate request by an absent-minded customer. All the CS is divulging is the person's email address, i.e. no passwords, account numbers or other sensitive data. The person still needs to be able to login to this email address in order to get and use the password-reset email, so there's no security breach. Etc.

I posted the solution to someone 'guessing' your e-mail address in another recent thread about identity theft:
Someone seems to have been trying to get into my accounts for a few weeks

tl;dr - You make unique addresses for every account / service and organize them in a password manager.

Have you even tried to socially engineer amazon and pretend that you forgot your account's e-mail address?
That e-mail is the main identifier. Here's an example of someone in that same dilemma: Forgot the email I created my account with and Amazon won't tell it to me?

Jucius Maximus wrote: ↑tl;dr - You make unique addresses for every account / service and organize them in a password manager.

Very few people go that far, certainly not your typical "John Doe."

Remember too that this started with the OP's concern that their email address is on a mailing label. If OP uses a unique email address for every account then they needn't worry about someone "stealing" it off their labels.

Have you even tried to socially engineer amazon and pretend that you forgot your account's e-mail address?

I used Amazon as an example. If they don't cooperate then it's likely there's other stuff in John Doe's recycling that identifies who else they do business with. Chances are those outfits don't take similar precautions to Amazon's. Or are you also suggesting that people shred all their cardboard boxes too since those boxes are preprinted with the names of companies the contents came from?

<RANT>
You and I and presumably the OP are relatively computer-knowledgeable people who understand the risks, know how to mitigate them and are comfortable with all the added measures needed to implement and manage those measures. That represents a tiny fraction of the population. The rest don't even understand the problem, appreciate the risk, have the skills to find, use and manage the sort of tools we do, etc. Their heads are probably throbbing just from trying to read and understand what we're discussing. To appreciate the typical computer user just read the almost daily reports on CBC's website of people who got hacked and how those hacks were done. It's depressing.

Then again people still forget to lock their car doors then complain when it gets broken into or stolen. Protecting computers and personal privacy is far more difficult. But if they can't do the simple stuff...
</RANT>