US Post Office phishing sites generated almost as much traffic as a real website
Fake US Postal Service (USPS) websites, designed to steal people’s sensitive information and payment details through phishing, generate almost as much traffic as the actual USPS website.
In fact, the real USPS site recorded less traffic than its impersonators during the holidays, warns a new report from cybersecurity researcher Akamai Technologies, warning consumers to be skeptical when shopping online and always keep the idea of fraud in mind.
The report states that between October 2023 and February 2024, Akamai researchers observed that impersonated USPS sites received 1,128,146 searches, while the actual site received 1,181,235 searches. Fake sites saw even more traffic, especially between November and December, as hackers ramped up their efforts during the holidays.
Imitating big brands
Akamai also emphasized that the researchers only analyzed the websites that have the USPS string in their names, and that the number of fake websites masquerading as major brands and services is almost certainly much higher. As a result, traffic to fake websites is also likely to be higher.
The most popular domains are, as you might expect, .com (4459 domains with 271,278 searches) and .top (3063 domains with 274,257 searches). Other notable entries include .shop, .xyz, .org, and .info.
With USPS, hackers typically link fake websites to phishing emails or text messages. In these messages, attackers tell victims that their packages cannot be delivered for some reason (for example, important delivery information is missing from the package or certain fees must be paid).
The messages will also convey a sense of urgency (for example, the victim will be given a few hours to pay the fee or submit the necessary information, otherwise the package will be returned to the sender).
The campaigns tend to be more effective during the holidays, as many people make purchases online and do not find such messages suspicious.
Through BleepingComputer