USPS is requiring employees, contractors and others to demonstrate increased cybersecurity vigilance amid escalating tensions in the Middle East.
Email spearphishing campaigns targeting U.S. government agencies are intensifying, the Postal Service Corporate Information Security Office reports. Cyberthreat actors are aggressively attempting to steal sensitive information, including account credentials and financial data, using targeted campaigns.
This often is achieved by acquiring the victim’s personal details, such as the names of their friends, hometown, employer, locations they frequent, and recent online purchases. The attackers then disguise themselves as a trustworthy entity to acquire sensitive information, typically through email or other online messaging.
Previous email campaigns have targeted multiple U.S. government agencies, including some USPS employees. No compromise of data has been reported, either at USPS or the other targeted agencies.
To prevent phishing attacks and to protect the Postal Service, the CyberSafe at USPS team offers these tips:
• Slow down. Pause and evaluate a message before taking action, and be wary of “urgent” requests.
• Verify the sender. If something doesn’t seem right, contact the sender by looking up his or her official email address.
• Don’t click. Hover. Ensure all hyperlinked descriptions match their destinations.
• Beware of attachments. Don’t open or click on anything attached to a suspicious email.
• Be skeptical. Consider whether a “once in a lifetime” offer could be real.
• Protect your information. Never provide personal information or your USPS credentials via email.
• Spell check. Spelling and grammar mistakes can indicate a phishing attempt.
If you think you’ve been targeted by a phishing attempt, don’t forward the message. Select the “Report to CyberSafe” Outlook button, call 866-877-7247 or send an email to CyberSafe@usps.gov.
The CyberSafe at USPS Blue and LiteBlue pages have additional guidance.