US Post Office phishing sites get as much traffic as the real one

US Post Office phishing sites get as much traffic as the real one

April 28, 2024 at 12:03PM

Security researchers found that phishing campaigns targeting the USPS saw fake domains receiving traffic similar to the legitimate site, especially during holidays. The phishing operations mimic genuine USPS services, with convincing designs and tracking pages. Malicious domains received over 1.1 million queries, indicating heightened activity during the winter holidays. Consumers are advised to verify communications about package shipments on the official USPS website to avoid malicious links.

Based on the meeting notes, here are the key takeaways:

1. Security researchers observed a significant volume of DNS queries going to “combosquatting” domains impersonating the USPS service during the 2023 holiday season. The traffic to these fake domains was almost equal to or even higher than the traffic to legitimate domains, especially during the holidays.

2. The phishing operations targeted people’s sensitive information and used convincing designs to make the fake USPS sites appear as exact replicas of the authentic USPS site.

3. Akamai’s research revealed that from October 2023 to February 2024, the most popular malicious domains received nearly half a million queries, and traffic to malicious domains between November to December was higher compared to the legitimate one, indicating increased malicious activity during the winter holiday season.

4. The most popular top-level domains associated with phishing USPS-themed domains were .com, .top, .shop, .xyz, .org, and .info.

5. Akamai’s research focused only on USPS, so the actual scale of these combosquatting campaigns that potentially encompass many more brands is likely larger.

6. To safeguard against phishing activities, consumers should exercise caution and be skeptical about any SMS or email messages about package shipments, and it’s advisable to verify the legitimacy of such communications by manually loading the official website in the browser to check the delivery status of a product and avoid clicking on links included in messages for tracking parcels that may lead to malicious locations.

Full Article