Cybersecurity researchers find that fake USPS phishing sites account for at least as much internet traffic as the Postal Service itself


A recent paper by cybersecurity-focused firm Akamai has found that queries to suspicious domains impersonating the US Postal Service accounted for nearly as much internet traffic as those to the actual USPS in a four month span between 2023 and ’24. The firm’s conservative criteria for avoiding false positives, meanwhile, might mean that traffic to phishing sites was actually far greater than to the actual Postal Service.

Akamai collected one dataset of domains containing malicious JavaScript and HTML code with “usps” featured somewhere in the address, and a second set of domains with “usps” in the address that led somewhere other than the Postal Service’s official IP range. Akamai’s researchers noted that this method actually excluded a large number of potentially suspicious domains in the interest of avoiding false positives.