In recent weeks, there has been a significant increase in phishing scams specifically directed at USPS customers. One such elaborate operation involves SMS-based phishing attempts designed to trick recipients into divulging personal and financial data. These attacks utilize a fake USPS identity and mimic postal services in numerous countries worldwide.
A concerned reader recently received an SMS that claimed to be from USPS, indicating an issue with a package addressed to them. Upon clicking the provided link, the reader was directed to the domain usps.informedtrck[.]com. It's important to highlight that this phishing domain is relatively recent, and there is limited ownership information available in WHOIS records.
While brand impersonation attacks of this kind have endured over time, the current report not only unveils novel redirection strategies but also offers a new list of deceptive domains that organizations can preemptively block or examine closely for further insight.
Past incidents have involved cybercriminals not only seeking to pilfer information from targets but also deploying diverse ransomware strains through counterfeit shipping labels delivered as attachments. These attacks know no boundaries: they impact individuals in both their personal and professional environments, since logistics services play a critical role in both, and they are likely to increase in the upcoming months.
Furthermore, as the holiday season approaches, it's paramount to emphasize essential precautions to friends, family, and staff, keeping them vigilant against phishing scams. Vigilance is key when encountering unexpected links or attachments in emails, text messages, or any other communication platform. It's good practice to educate and guide staff to access websites or services manually when they are unsure. Employees may also find it helpful to use trusted bookmarks to ensure the legitimacy of the websites they visit.
Other common scams to be on the lookout for during the holiday season include:
- Gift Card Requests
- Fraudulent Charity Solicitations
- Tech Support Scams
- Phishing via Social Media
- Government Impersonation Threats
- Romance Scams
- COVID-19-Related Fraud
- Financial Phishing Attempts
- Job Scams
For more, check out KrebsOnSecurity.