Phishing Campaigns Spoof the U.S. Postal Service

Researchers at Akamai have found that phishing sites impersonating the U.S. Postal Service get as much traffic as the real USPS website.

“The amount of traffic to the illegitimate domains was almost equal to the amount of traffic to legitimate domains on a normal day — and greatly exceeded legitimate traffic during the holidays,” the researchers state.

Many of these sites are used in “failed delivery” scams. Links to the sites are distributed via text messages telling recipients to visit the site in order to schedule a redelivery. USPS is also the most impersonated sender. 

“Looking at the overall numbers, we see two domains got more than 100,000 hits each: usps-post[.]world and uspspost[.]me,” Akamai says.

“Combined, these two are responsible for 29% of all malicious traffic inside our dataset. Keeping in mind that we’re only looking at a data sample, the traffic that some of these domains are seeing is truly mind-blowing. It’s not surprising that USPS phishing campaigns have been, and continue to be, so popular for scammers. Unfortunately, there are tons of people visiting these websites, which means they’re lucrative for the attackers running them.”

These types of scams spike during the holiday season, since many people are expecting real deliveries.

“The most popular domain that we saw is usps-post[.]world, a domain which might be mistakenly interpreted as an official international branch of the USPS,” the researchers write.

“Considering how lucrative well-designed malicious domains can be, we have to admit it is a well-chosen domain name. When you tack on the ‘failed delivery’ messaging, and/or the holiday-focused branding during the largest delivery time of the year in the United States, the success of these malicious pages makes sense.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Akamai has the story.
