Fake US Postal Service (USPS) websites, designed to steal people’s sensitive information and payment data through phishing, get almost as much traffic as the actual USPS website.
In fact, the real USPS site recorded less traffic than its impersonators during the holiday season, a new report from cybersecurity researchers Akamai Technologies has warned, telling consumers to be skeptical whenever shopping online, and to always keep the idea of fraud on their mind.
The report said that between October 2023 and February 2024 Akamai’s researchers observed impersonated USPS sites getting 1,128,146 queries, while the actual site got 1,181,235 queries. Between November and December specifically, fake sites got even more traffic, as hackers ramped up their efforts during the holiday season.
Impersonating major brands
Akamai also stressed that the researchers only analyzed the websites that have the USPS string in their name, and that the number of fake websites impersonating major brands and services is almost definitely a lot bigger. Consequently, the traffic going to fake websites is probably larger, too.
The most popular domains are, as one might have expected, .com (4459 domains with 271,278 queries), and .top (3063 domains with 274,257 queries). Other notable mentions include .shop, .xyz, .org, and .info.
With USPS, hackers will usually pair fake websites with phishing emails or SMS messages. In these messages, the attackers will tell the victims their parcels cannot be delivered for some reason (for example, that the parcel is missing key delivery information, or that certain fees must be paid).
The messages will also carry a sense of urgency (for example, the victim will be given a few hours to pay the fee or submit the necessary information, otherwise the parcel will be returned to its sender).
The campaigns are usually more effective during the holiday season, as many people make purchases online and don’t find such messages suspicious.
Via BleepingComputer
