Gandalf_The_Grey
Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,379
During the 2023 holiday season, Akamai Technologies observed a significant volume of DNS queries going to "combosquatting" domains that impersonate the USPS service.
Akamai started investigating USPS-themed phishing in October 2023 after an employee received a suspicious SMS that redirected to a site containing malicious JavaScript code.
Next, the analysts compiled a list of all domains using the same JS file from the past five months and kept only those with the USPS string in their name.
The design of these pages is very convincing and appear as exact replicas of the authentic USPS site with realistic tracking pages for status updates.
In one case, the phishing actors set up what looks like a dedicated postage items shop, which started getting significant traffic in late November, as consumers sought to buy gifts and collectibles for the holiday season.
From October 2023 to February 2024, the most popular malicious domains that Akamai discovered received nearly half a million queries, with two surpassing 150k each.
Consumers should exercise caution and be skeptic about any SMS or email messages about package shipments.
To verify the legitimacy of such communications, it's advisable to use the official website (by manually loading it in the browser) to check the delivery status of a product.
Clicking on the links included in messages for tracking parcels may lead to malicious locations.
US Post Office phishing sites get as much traffic as the real one
Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays.
www.bleepingcomputer.com