During the peak shopping periods of Thanksgiving and Christmas [3], fraudulent United States Postal Service websites used in phishing campaigns experienced a significant increase in traffic, nearly matching the number of queries received by the legitimate USPS website.


Between October 2023 and February 2024 [1] [2], impersonated USPS sites received a total of 1,128,146 queries, while the actual site received 1,181,235 queries [2]. The most popular fake USPS domains, such as “usps-post[.]world” and “uspspost[.]me”, each attracted over 150,000 hits, surpassing the traffic to legitimate USPS websites. The top-level domains commonly used in USPS-themed phishing operations were “.com”, “.top”, and “.shop” [1], with fraudsters employing combosquatting techniques to create exact replicas of the USPS site during busy times when individuals were expecting packages. Consumers are advised to exercise caution when shopping online and to remain vigilant about emails or text messages related to shipments, as scammers continue to exploit vulnerabilities in USPS security measures.


The surge in traffic to fraudulent USPS websites during peak shopping periods highlights the need for increased awareness and vigilance among consumers. It is crucial for individuals to be cautious when shopping online and to verify the legitimacy of websites before providing any personal information. As scammers continue to exploit vulnerabilities in USPS security measures, it is important for consumers to stay informed and take proactive measures to protect themselves from falling victim to phishing scams.


[1] https://www.scmagazine.com/brief/web-traffic-of-fake-usps-sites-similar-to-legitimate-site
[2] https://www.techradar.com/pro/security/us-post-office-phishing-sites-saw-almost-as-much-traffic-as-real-website
[3] https://www.infosecurity-magazine.com/news/study-reveals-usps-phishing-levels/