Scams & Phishing News US Post Office phishing sites get as much traffic as the real one

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/us-post-office-phishing-sites-get-as-much-traffic-as-the-real-one/

During the 2023 holiday season, Akamai Technologies observed a significant volume of DNS queries going to "combosquatting" domains that impersonate the USPS service.

Akamai started investigating USPS-themed phishing in October 2023 after an employee received a suspicious SMS that redirected to a site containing malicious JavaScript code.

Next, the analysts compiled a list of all domains using the same JS file from the past five months and kept only those with the USPS string in their name.

The design of these pages is very convincing and appear as exact replicas of the authentic USPS site with realistic tracking pages for status updates.

In one case, the phishing actors set up what looks like a dedicated postage items shop, which started getting significant traffic in late November, as consumers sought to buy gifts and collectibles for the holiday season.

From October 2023 to February 2024, the most popular malicious domains that Akamai discovered received nearly half a million queries, with two surpassing 150k each.

Consumers should exercise caution and be skeptic about any SMS or email messages about package shipments.

To verify the legitimacy of such communications, it's advisable to use the official website (by manually loading it in the browser) to check the delivery status of a product.

Clicking on the links included in messages for tracking parcels may lead to malicious locations.

US Post Office phishing sites get as much traffic as the real one

Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays.

www.bleepingcomputer.com

 

[CyberPanther]

It happened for Saudi Post and one of my relatives its card the limit was stolen.

 

[Victor M]

I receive fake shipping/delivery SMS notices every week on my phone.

 

[ForgottenSeer 109138]

Verification and Validation, its very important now days. Phishing/social engineering is the most commonly used method. Its not convenient but neither is losing financial or identity.

 

[SpiderWeb]

Sadly perfect traps for older people who are not tech savvy. Even for tech savvy people they are tempting emails and text messages. I get one, once in a blue moon and if it wasn't for the funny looking URL I might have fallen for some. There is nothing worse than waiting for a package and then getting a message that it was not delivered. You feel like you have to instantly investigate.

 

[TairikuOkami]

Sadly perfect traps for older people who are not tech savvy.

Sadly so. I work at the post office and an elderly lady asked me, if it is legit. I said it is a scam. She kept asking, is it legit? I kept saying no, ignore it.
She said, I better go ask at the post office. I said, it is Saturday, it is closed. She said, I better go ask anyway and she went to the closed post office.