US Post Office phishing sites saw almost as much traffic as real website

cyber security
(Image credit: Pixabay)

Fake US Postal Service (USPS) websites, designed to steal people’s sensitive information and payment data through phishing, get almost as much traffic as the actual USPS website.

In fact, the real USPS site recorded less traffic than its impersonators during the holiday season, a new report from cybersecurity researchers Akamai Technologies has warned, telling consumers to be skeptical whenever shopping online, and to always keep the idea of fraud on their mind.

The report said that between October 2023 and February 2024 Akamai’s researchers observed impersonated USPS sites getting 1,128,146 queries, while the actual site got 1,181,235 queries. Between November and December specifically, fake sites got even more traffic, as hackers ramped up their efforts during the holiday season.

Impersonating major brands

Akamai also stressed that the researchers only analyzed the websites that have the USPS string in their name, and that the number of fake websites impersonating major brands and services is almost definitely a lot bigger. Consequently, the traffic going to fake websites is probably larger, too.

The most popular domains are, as one might have expected, .com (4459 domains with 271,278 queries), and .top (3063 domains with 274,257 queries). Other notable mentions include .shop, .xyz, .org, and .info.

With USPS, hackers will usually pair fake websites with phishing emails or SMS messages. In these messages, the attackers will tell the victims their parcels cannot be delivered for some reason (for example, that the parcel is missing key delivery information, or that certain fees must be paid).

The messages will also carry a sense of urgency (for example, the victim will be given a few hours to pay the fee or submit the necessary information, otherwise the parcel will be returned to its sender).

The campaigns are usually more effective during the holiday season, as many people make purchases online and don’t find such messages suspicious.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
Someone checking their credit card details online.
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
Latest in Security
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Latest in News
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'