The Postal Service wants employees and contractors to learn the basic skills necessary to identify phishing lures in a sea of office emails.
Phishing emails are often sent by an unknown external entity, composed with poor grammar, contain attachments or include an urgent request that you to click on an embedded link.
However, as phishing attacks grow in sophistication and frequency — up 61 percent in the six months ending October 2022, compared with the previous year, according to a CNBC report — even tech-savvy individuals can’t always tell a fake email from a real one.
For instance, Twitter had to reassure thousands of leery laid-off employees that the emails they received containing severance information “was an official company communication … not a phishing attempt,” according to a Business Insider report.
To ensure postal employees and contractors are similarly on guard, the organization’s USPS Awareness and Training program routinely sends simulated phishing emails to test network users.
While most employees and contractors easily identify the fake emails and report them to CyberSafe@usps.gov, others — known as “repeat clickers” — unfortunately take the bait and have to undergo additional phishing simulation coaching.
Managers are notified of repeat clickers, who, in some cases, may have their external email privileges curtailed.
Here’s how to identify a phishing email:
• Verify the sender: Proceed with caution if the email is from an “[EXTERNAL]” email address.
• Slow down: Be wary of “urgent” requests; pause and evaluate messages before acting.
• Beware of attachments: Don’t open or click attachments to a suspicious email or received from an unknown sender.
• Hover, but don’t click: Ensure all hyperlinked descriptions match their destination, by hovering your cursor over the link and verifying the address.
Use the “Report to CyberSafe” button on the top right side of the Outlook toolbar to report suspicious emails or forward them to CyberSafe@usps.gov. If you don’t see the button on your Outlook toolbar, learn how to install it at ServiceNow.