USPS Impersonation Scams Surge: Fake Domains Rival Real USPS Website in Traffic
A disturbing new report by Akamai security researchers highlights the shocking scale of phishing scams impersonating the United States Postal Service (USPS). These cybercriminals have become so sophisticated that their malicious websites designed to steal your data now rival the legitimate USPS website in web traffic volume. During peak times, like the recent holiday season, this malicious traffic even exceeded legitimate traffic.
Investigative Insights
The USPS, a cornerstone of American communication and logistics, is often impersonated due to its ubiquitous presence in everyday life. Each holiday season, a spike in scam attempts, ranging from phishing to smishing (SMS phishing), is observed, exploiting the high parcel traffic and the consequent increase in consumer interactions with postal services.
Akamai’s researchers embarked on an analysis of DNS traffic data spanning five months, focusing on the legitimacy of domains claiming association with USPS. They developed a stringent set of filters to isolate domains mimicking the postal service without being linked to its official IP ranges. The criteria were refined to avoid capturing legitimate domains and to focus on those employing combosquatting techniques, where domain names incorporate known brand names to deceive users.
Startling Discoveries
The analysis revealed that the traffic to these deceptive domains was roughly equal to, and sometimes exceeded, the traffic to the genuine USPS site, particularly during the holidays. Two domains, in particular, garnered significant attention:
- usps-post[.]world: This domain, likely perceived as an international branch of USPS, saw substantial traffic, especially during periods marked by major U.S. holidays such as Thanksgiving and Christmas.
- uspspost[.]me: Specifically active around Christmas and peculiarly on December 6, possibly targeting St. Nicholas Day celebrations—a less common holiday in the U.S., suggesting a niche targeting strategy.
Top-Level Domains and Traffic Distribution
The study identified 233 distinct TLDs associated with malicious activity, with the most common being [.com] and [.top], the latter being particularly favored by threat actors due to its general availability and global perception of legitimacy. Surprisingly, despite the high query count for the [.world] TLD, driven primarily by usps-post[.]world, other domains under this TLD were minimal, suggesting a concentrated effort on a few highly effective scams.
Comparative Analysis
When juxtaposed with legitimate USPS traffic, the data from malicious domains presented an alarming picture: the volume of queries for both sources was nearly identical over the analyzed period. This equivalence underscores the scale of the phishing issue, with malicious actors successfully duping a large number of users into visiting fraudulent sites.
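The filtering approach described under Investigative Insights, together with the per-TLD and legitimate-versus-malicious tallies, can be sketched as follows. This is an added example, not Akamai's code: the matching rule, the allowlisted IP range (a documentation range used as a placeholder), the query counts, and the `.example` names are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

BRAND = "usps"
OFFICIAL_DOMAINS = {"usps.com"}
# Assumption: placeholder allowlist (RFC 5737 documentation range), not real USPS address space.
OFFICIAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample DNS records: (queried name, resolved IP, query count).
SAMPLE_LOG = [
    ("www.usps.com", "192.0.2.10", 120),
    ("tools.usps.com", "192.0.2.11", 80),
    ("usps-post[.]world", "198.51.100.7", 150),
    ("uspspost[.]me", "203.0.113.9", 60),
    ("campusps.example", "198.51.100.20", 40),   # contains "usps" only by accident
    ("usps-partner.example", "192.0.2.50", 5),   # brand in name, but on an official IP
]

def refang(name):
    """Undo '[.]' defanging and normalise case and trailing dot."""
    return name.replace("[.]", ".").lower().rstrip(".")

def registered_domain(name):
    """Naive last-two-labels split; production code should use the Public Suffix List."""
    return ".".join(name.split(".")[-2:])

def on_official_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OFFICIAL_NETS)

def classify(name, ip):
    reg = registered_domain(refang(name))
    if reg in OFFICIAL_DOMAINS or on_official_ip(ip):
        return "legitimate"
    # Assumed rule: the brand must start a hyphen-separated token, so "campusps" is not a match.
    tokens = reg.split(".")[0].split("-")
    if any(tok.startswith(BRAND) for tok in tokens):
        return "combosquat"
    return "other"

def summarize(log):
    """Total query counts per verdict, and per TLD for combosquatting domains."""
    totals, tlds = Counter(), Counter()
    for name, ip, count in log:
        verdict = classify(name, ip)
        totals[verdict] += count
        if verdict == "combosquat":
            tlds[refang(name).rsplit(".", 1)[-1]] += count
    return totals, tlds

if __name__ == "__main__":
    totals, tlds = summarize(SAMPLE_LOG)
    print(dict(totals), tlds.most_common())
```

The token-prefix rule is what keeps an unrelated name such as `campusps.example` out of the suspect set while still catching both hyphenated and run-together brand combinations.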
Temporal Trends
The analysis also highlighted specific peaks in malicious traffic coinciding with major U.S. shopping holidays, suggesting that attackers strategically time their campaigns to maximize impact. The increased volume of parcels and consumer interactions with postal services during these times provides a ripe environment for scammers.
Don’t Let Them Steal Your Holiday Cheer – Protect Yourself
- Link Scrutinizer: Before clicking anything, hover your mouse over the link to see where it really leads. Look for misspellings, odd domain names (.xyz, .shop), or anything that doesn’t seem like the official USPS website.
- Source Matters: If unsure about a notification, go directly to the USPS website ([usps.com]) or the carrier’s official site. Track your package there, bypassing any links in emails or texts.
- Slow Down, Scammers Thrive on Haste: Fraudsters create a false sense of urgency with phrases like “act now” or “immediate update”. Don’t be pressured. Take a moment, verify directly with USPS if something seems suspicious, and avoid rash clicking.
- Fight Back: Report and Expose: Report phishing attempts to the USPS or cybersecurity authorities like the Federal Trade Commission (FTC). Share warnings with friends and family to prevent others from falling victim.
The Bottom Line
Cybercriminals prey on the trust we place in familiar institutions like the USPS. It’s up to us to be vigilant. This holiday season, make sure the only packages you unwrap are the ones you intended to receive. Stay alert, double-check links, and if it feels too good to be true or creates unnecessary urgency, it likely is a scam.