Cybersecurity researchers at Akamai have uncovered a phishing campaign in which fake domains impersonate the United States U.S. Postal Service (USPS). Surprisingly, it gets as much traffic as the real one.
“The amount of traffic to the illegitimate domains was almost equal to the amount of traffic to legitimate domains on a normal day — and greatly exceeded legitimate traffic during the holidays.” – Akamai
From October 2023 to February 2024, the most popular malicious domains that Akamai discovered received nearly half a million queries, with two surpassing 150k each.
| Domain name | Query count* |
|---|---|
| usps-post[.]world | 169,379 |
| uspspost[.]me | 150,052 |
| usps-postoffices[.]top | 27,056 |
| stamps-usps[.]online | 24,352 |
| usps-shop[.]shop | 23,432 |
| uspspostoffice[.]top | 22,734 |
| uspspostoffices[.]top | 19,266 |
| usps-post[.]today | 18,775 |
| uspshelp[.]store | 6,048 |
| usps-pst[.]xyz | 5,800 |
The researchers discovered that two domains got more than 100,000 hits each: usps-post[.]world and uspspost[.]me. Combined, these two are responsible for 29% of all malicious traffic.
The most popular top-level domains (TLDs) associated with phishing USPS-themed domains were:
| TLD | Unique domains | Query count |
|---|---|---|
| [.]com | 4,459 | 271,278 |
| [.]top | 3,063 | 274,257 |
| [.]shop | 566 | 58,194 |
| [.]xyz | 397 | 30,870 |
| [.]org | 352 | 16,391 |
| [.]info | 257 | 7,597 |
| [.]net | 159 | 5,920 |
| [.]life | 153 | 5,616 |
| [.]vip | 105 | 8,724 |
| [.]cc | 103 | 6,430 |
The total queries generated by all malicious websites uncovered by Akamai’s research during the examined period is over 1,128,146, just short of the 1,181,235 queries recorded for the legitimate USPS site.
The following stats show that traffic to malicious domains between November to December was higher compared to the legitimate ones.
Not only is the traffic relatively equivalent on a typical day, but during some weeks, the malicious domains are getting more queries than usps.com itself. These peaks revolve around the Thanksgiving (Black Friday) and Christmas holidays, the highest delivery time of the year in the United States.
