Vulnerability Management, Phishing, Email security

Web traffic of fake USPS sites similar to legitimate site

Smartphone with the USPS logo on the screen. United States Postal Service app.

BleepingComputer reports that fraudulent United States Postal Service websites used in phishing campaigns recorded similar traffic as the legitimate domain on regular days, while surpassing the traffic of the postal service's real domain during the holiday season.

Nearly 500,000 queries were amassed from fake malicious USPS domains between October 2023 and February 2024, with "usps-post[.]world" and "uspspost[.]me" generating the most traffic, exceeding 150,000 queries each, according to an Akamai report. Moreover, ".com", ".top", and ".shop" were the leading top-level domains used in USPS-themed phishing operations during the same period. Further examination of the illegitimate sites revealed threat actors' utilization of exact replicas of the USPS site with convincing tracking pages.

Such findings have prompted researchers to recommend increased vigilance on emails or text messages regarding shipments, with consumers urged to verify the messages' legitimacy by looking up the USPS's official website manually to monitor their packages' delivery status while refraining from clicking links included in suspicious messages.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.