US Post Office Phishing Sites Get as Much Traffic as the Real One
-
- Security researchers have uncovered phishing campaigns targeting the United States Postal Service (USPS), noting that traffic to fake domains closely mirrors legitimate site activity, particularly spiking during holidays. These phishing operations aim to steal sensitive information like account credentials and card details or deceive users into making payments to fraudulent shops or covering supposed fees for held items. During the 2023 holiday season, Akamai Technologies detected a surge in DNS queries to "combosquatting" domains mimicking USPS services. Traffic to these illegitimate domains nearly matched or exceeded legitimate traffic, particularly during holidays. Akamai began investigating USPS-themed phishing after an employee received a suspicious SMS redirecting to a site with malicious JavaScript. Analysts compiled a list of domains using the same malicious JavaScript over the past five months, focusing on those with "USPS" in their name. These phishing pages closely replicate the USPS site, including convincing tracking pages for package updates. Some even masquerade as dedicated postage item shops, attracting significant traffic during holiday shopping seasons.
Consumers are urged to exercise caution regarding SMS or email messages about package shipments, verifying legitimacy by manually accessing official websites rather than clicking links in messages, which could lead to malicious sites.
ที่มาแหล่งข่าว
https://www.bleepingcomputer.com/news/security/us-post-office-phishing-sites-get-as-much-traffic-as-the-real-one/
สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand - Security researchers have uncovered phishing campaigns targeting the United States Postal Service (USPS), noting that traffic to fake domains closely mirrors legitimate site activity, particularly spiking during holidays. These phishing operations aim to steal sensitive information like account credentials and card details or deceive users into making payments to fraudulent shops or covering supposed fees for held items. During the 2023 holiday season, Akamai Technologies detected a surge in DNS queries to "combosquatting" domains mimicking USPS services. Traffic to these illegitimate domains nearly matched or exceeded legitimate traffic, particularly during holidays. Akamai began investigating USPS-themed phishing after an employee received a suspicious SMS redirecting to a site with malicious JavaScript. Analysts compiled a list of domains using the same malicious JavaScript over the past five months, focusing on those with "USPS" in their name. These phishing pages closely replicate the USPS site, including convincing tracking pages for package updates. Some even masquerade as dedicated postage item shops, attracting significant traffic during holiday shopping seasons.
