Why Is The US Postal Service Such A Popular Target For Phishing Scammers?

If you’re like most Americans, it might be hard to remember the last time you visited the official United States Postal Service website. And for many consumers targeted by often sophisticated phishing schemes, it can be all but impossible to tell the difference between a scam site and the real thing.

As it turns out, that’s all part of the plan.

What you should know

Phishing by its very nature is a form of fraud that relies on convincing targets that they’re visiting a legitimate site, and the postal service provides a unique opportunity for unsavory actors to do just that.

A company called Akamai Technologies has been investigating this trend for months and found a surprisingly high number of phishing operations that send unsuspecting victims to a site meant to mimic the authentic USPS domain. Once there, the targets are urged to make payments to release an item that had supposedly been held up due to outstanding fees or some other unpaid cost.

As part of its probe, Akamai has put together a comprehensive list of web domains that use the same malicious JavaScript code as well as include “USPS” in their address. A common factor is that they’re all designed to look legitimate, whether they depict fraudulent tracking information, status updates, or postage shops.

How to protect yourself

Knowing that these phishing operations are underway is your first line of defense. So if you receive an update that appears to be from the USPS, be suspicious and do your research.

These scams are more common near the holidays, since more consumers are using the postal service to send gifts through the mail. And while “.com” is by far the most commonly used top-level domain, other scam sites use “.shop,” “.xyz,” “.org,” and “.info.”

Chris Agee April 30th, 2024

Share this story: