Cybersecurity researchers at Akamai have uncovered a phishing campaign in which fake domains impersonate the United States U.S. Postal Service (USPS). Surprisingly, it gets as much traffic as the real one.

“The amount of traffic to the illegitimate domains was almost equal to the amount of traffic to legitimate domains on a normal day — and greatly exceeded legitimate traffic during the holidays.” – Akamai

From October 2023 to February 2024, the most popular malicious domains that Akamai discovered received nearly half a million queries, with two surpassing 150k each.

Domain nameQuery count* 
usps-post[.]world169,379
uspspost[.]me150,052
usps-postoffices[.]top27,056
stamps-usps[.]online24,352
usps-shop[.]shop23,432
uspspostoffice[.]top22,734
uspspostoffices[.]top19,266
usps-post[.]today18,775
uspshelp[.]store6,048
usps-pst[.]xyz5,800

The researchers discovered that two domains got more than 100,000 hits each: usps-post[.]world and uspspost[.]me. Combined, these two are responsible for 29% of all malicious traffic.

The most popular top-level domains (TLDs) associated with phishing USPS-themed domains were:

TLDUnique domainsQuery count
[.]com4,459271,278
[.]top3,063274,257
[.]shop56658,194
[.]xyz39730,870
[.]org35216,391
[.]info2577,597
[.]net1595,920
[.]life1535,616
[.]vip1058,724
[.]cc1036,430

The total queries generated by all malicious websites uncovered by Akamai’s research during the examined period is over 1,128,146, just short of the 1,181,235 queries recorded for the legitimate USPS site.

Buy Me A Coffee
Comparison of traffic to usps.com vs. to malicious domains that are impersonating the USPS

The following stats show that traffic to malicious domains between November to December was higher compared to the legitimate ones.

READ
Microsoft Alerts on China-Based Quad7 Botnet Targeting SOHO Routers for Credential Theft

Not only is the traffic relatively equivalent on a typical day, but during some weeks, the malicious domains are getting more queries than usps.com itself. These peaks revolve around the Thanksgiving (Black Friday) and Christmas holidays, the highest delivery time of the year in the United States.