
Before developing a mail screening and safety plan, you should be familiar with the types of threats that can arrive through the mail stream.

Keep in mind, when I talk about the “mail stream” I’m talking about letters and packages received via the U.S. Postal Service, express carriers like UPS and FedEx, as well as regional and local carriers — the core principles of mailroom security.

Staff should be familiar with the types of credible mail threats they may see as well as the types of hoaxes that are often commonplace.

Once they have gained a working familiarity with what to look for, proper responses should be addressed for the different types.

Hoaxes are intended to represent real threats and are meant to threaten, scare, intimidate, disrupt, and cause general inconvenience to individuals, organizations, and society in general.

Due to the potential risk associated with credible threats, hoaxes typically require the same response from first responders up until the point they are deemed non-credible.

As such, the effects of a hoax are often similar to those of a real threat.




Threatening Letters

The most basic type of hoax is the threatening letter. Threatening letters are just that: they contain written threats on the communication inside the envelope or on the envelope itself. The statement may be a few words long or may be more detailed in nature.

Even though threatening letters are typically harmless, they can be precursors to something more serious. Suspects may escalate their tactics if they do not get the response they wanted.


White Powder Letters

Hoaxes take many different shapes and one of the most common and most familiar is the white-powder letter. Ever since the anthrax attacks of 2001, white-powder letters have been commonly used as a way to harass and intimidate.

Normally containing a non-threatening substance like flour, corn starch, or baking powder, white-powder letters are simple to create and can cause a tremendous amount of disruption.

In 2014, Hong Ming Truong of Rowlett, TX, was arrested by United States Postal Inspectors and FBI agents for sending more than 500 hoax letters spanning more than 5 years.

The letters contained threatening verbiage, and most, but not all, of the letters contained a non-hazardous white powder.

The cost of emergency response by first responders exceeded $2.8 million. Keep in mind, this figure does not include financial loss from businesses, schools, and government offices.

I can say from first-hand experience in personally responding to a number of these incidents, the amount of disruption and concern he created was enormous.

Truong was sentenced to serve 60 months in a federal prison in December 2015.


Political Affiliation is an Obvious Flag for Potential Targets

Hoax Devices

Hoax devices are explosive devices missing one or more components, which prevents them from functioning.

The intent of these devices is to threaten, scare, and intimidate, and often the suspect wants the intended target to know a functioning device could have been sent.

There is more intention behind these mailings when compared to the other types of hoaxes and they should be taken as such.

A thorough screening process with comprehensive x-ray imaging and interpretation is paramount in identifying these types of devices early in the process.

Compare these hoaxes to Warshipping — not quite a hoax, but not intended to cause immediate physical harm, either.


CBRNE Threats — Chemical, Biological, Radiological, Nuclear, Explosive

CBRNE threats move up the chain in severity, disruptive nature, and response. Fortunately, these types of threats are rare; however, the consequences could be grave in nature. It is important to know what the different types are and how they may present themselves in the mail stream.

Once the familiarization process is complete you can make better assessments in policy, procedure, and the equipment needed to help you deal with these types of risks.



Chemical

Chemical agents or chemical weapons through the mail stream are rarer than other types of threats. Typically, this is due to the complexity of acquiring the agents and weaponizing them in a mailable form. When we are talking about chemical threats in a categorical sense, they are usually broken down into the following:

  • Irritants
  • Commercial (industrial) chemicals
  • Blood agents
  • Nerve agents
  • Blister agents
  • Pulmonary agents

If you are screening for these types of threats, your capabilities should cover vapors, liquids, and solids.



Biological

Biological threats made their grand entry into the public eye due to the 2001 anthrax attacks, which killed 5 people and sickened many more.

The significance and public nature of this case created a sense of paranoia across America. It also resulted in the use of white-powder letters as a method of intimidation and harassment.

As a result of these mailings, numerous facilities, buildings, complexes, and postal facilities had to go through decontamination processes costing hundreds of millions of dollars.

The anthrax mailings of 2001 were followed in 2003 by several attempts to send ricin through the mail.

One of the letters was discovered at a mail processing center in South Carolina, and an additional ricin letter addressed to the White House was discovered at its mail-processing facility.

In 2004, a white powdery substance was located on a sorting machine in the Dirksen Senate Office Building, which later tested positive for ricin.

This incident caused employees to undergo decontamination and resulted in the closing of several government buildings. The availability and dangerous nature of ricin make it more of a potential threat than a lot of the other biologicals.

These are high-profile incidents and as such, they have garnered a lot of public attention. However, threats other than anthrax and ricin are also possible.

Tularemia (rabbit fever), smallpox, and plague also fall within the realm of mailable biologicals. However small the risks are, familiarity with and basic knowledge of these types of threats are important.


Radiological & Nuclear

When most folks think of radiological or nuclear threats they think of a dirty bomb, which simply distributes radiation via an explosive device. The odds are in our favor with regard to this type of device being sent through the mail.

Despite the fact this type of device may not cause large numbers of deaths, the amount of collateral damage would be significant. Panic, paranoia, evacuations, cleanup efforts, etc., would be quite the undertaking.

Fortunately, these types of materials are extremely difficult to obtain, but not impossible. Although a little dated, in 2008 the British Environment Agency and MI5 began to track and destroy unused hospital devices containing radioactive material.

As of the reporting, there were 9 missing devices which were either lost or stolen. The devices only contained a small amount of radiation, but enough to be used in a weapon.

Experts have noted that such materials are too plentiful to count precisely, but roughly estimate they are contained in more than 70,000 devices, located in at least 13,000 buildings all over the world — in many cases without special security safeguards.

The odds of encountering this type of device are extremely low, but it is possible. A comprehensive risk assessment will determine your organization’s risk level and will identify what screening measures you may need to employ.



Explosive

An explosive device sent through the mail is a lot more probable, and there is a history of these devices going through the mail stream over the years.

These incidents have occurred all around the world and include everything from letters to larger packages.

In late 2018, Cesar Sayoc, Jr., sent 16 explosive packages (pipe bombs) through the U.S. mail stream to a number of prominent government officials and news agencies.

All of the devices were designated as IEDs (improvised explosive devices), but were missing components of, or had incomplete, firing trains. Sayoc admitted to sending the devices as a means to threaten or intimidate.

The suspect pled guilty and will be sentenced late 2019.

Pipe bombs are a common favorite due to the fact they are easy to construct, but most are very crude in nature and are sloppily designed.

The Unabomber is one of the most well-known criminals utilizing pipe bombs, which were quite advanced compared to most. He used a combination of placed devices and mailed devices, which ended up killing 3 people and injuring 23 more.

However, more sophisticated devices have been used in the past. The 2010 Transatlantic aircraft bomb plot consisted of two separate packages shipped via FedEx and UPS and originated in Yemen.

These sophisticated devices used toner cartridges to conceal the high explosive PETN (pentaerythritol tetranitrate) and utilized a cell phone alarm to trigger the devices.

They were constructed to be difficult to detect in x-ray screening.

Parcel bombs can be made from a wide variety of explosive material with varying degrees of lethality and complexity. Despite the complicated nature of some of these devices, there are methods of screening and detection which can be utilized to reduce risk.

Mailed devices are typically designed to initiate when opened, which allows more margin than placed devices in terms of screening. However, early identification is needed in order to initiate a prompt and proper response.

Regardless of the company or organizational size, a comprehensive mail screening and safety assessment needs to be completed. There are a lot of factors that contribute to an organization’s level of risk and vulnerability.

Once these are determined, proper policy and procedure can be put in place to help mitigate the most common threats.

