Cybersecurity researchers find that fake USPS phishing sites account for at least as much internet traffic as the Postal Service itself

Hacker
(Image credit: Caroline Purser/Getty)

A recent paper by cybersecurity-focused firm Akamai has found that queries to suspicious domains impersonating the US Postal Service accounted for nearly as much internet traffic as those to the actual USPS in a four month span between 2023 and '24. The firm's conservative criteria for avoiding false positives, meanwhile, might mean that traffic to phishing sites was actually far greater than to the actual Postal Service.

Akamai collected one dataset of domains containing malicious JavaScript and HTML code with "usps" featured somewhere in the address, and a second set of domains with "usps" in the address that led somewhere other than the Postal Service's official IP range. Akamai's researchers noted that this method actually excluded a large number of potentially suspicious domains in the interest of avoiding false positives.

"Our harsh parameters meant that we were exceedingly conservative with our analysis," the paper explains. "Even so, we saw an extraordinary amount of malicious traffic, which makes the true impact of these impersonations astonishing.

"We could have definitely collected appreciably more malicious domains that impersonate the USPS, but it was critical that we avoided including false positives in this dataset."

Over the sample period between October 2023 and February 2024, Akamai observed about 1.13 million queries to its dataset of suspicious domains, just shy of the 1.18 million that went to the official USPS website. In some weeks over the holidays, the suspicious traffic actually vastly exceeded the legitimate queries, suggesting that the holiday season is a busy time for bad actors trying to take advantage of anxious gift givers.

"Although the USPS won with 51% of the total queries for this 5-month period in this analysis," Akamai's researchers write, "the way we filtered the data suggests that the malicious traffic significantly outweighs the legitimate traffic in the real world."

And that's just USPS: what about the likely volume of fraudulent traffic impersonating DHL, FedEx, and a myriad other private or state-run parcel delivery services? Forget about package delivery, so much of internet traffic now consists of mass-add WhatsApp Bitcoin chats, "Hello Dear" cold messages, and the infamous "[redacted for public decency] IN BIO" accounts of recent Twitter fame. Those undersea fiber optic cables are absolutely straining under the weight of all this pointless, malicious spam.

Associate Editor

Ted has been thinking about PC games and bothering anyone who would listen with his thoughts on them ever since he booted up his sister's copy of Neverwinter Nights on the family computer. He is obsessed with all things CRPG and CRPG-adjacent, but has also covered esports, modding, and rare game collecting. When he's not playing or writing about games, you can find Ted lifting weights on his back porch.

Read more
3D illustration of a grid of black cpus with different IoT symbols, representing a botnet concept
Cloudflare claims to have mitigated biggest DDoS attack on record with requests flying in from 5,500 IP addresses per second
Team Fortress Spy being shocked
An FPS studio pulled its game from Steam after it got caught linking to malware disguised as a demo, but the dev insists it was actually the victim of a labyrinthine conspiracy
Mature professional business man suffering from a headache while working online on computer checking emails alone at work. One male manager feeling overworked, stressed and tired due to a deadline - stock photo
A 2023 study concluded CAPTCHAs are 'a tracking cookie farm for profit masquerading as a security service' that made us spend 819 million hours clicking on traffic lights to generate nearly $1 trillion for Google
A computer screen with program code warning of a detected malware script program. 3d illustration
Second Steam listing this year found hiding 'new and clever' malware. This time through a fake demo link on developer's website
Three Magikarp Pokémon
The FBI used self-destruct on malware infecting over 4,000 US computers, it's super effective
fibre optics shooting past electronics of broadband hub
Sorry, 2024's record-breaking 402,000,000 Mbps internet connection isn't available at your house yet
Latest in Gaming Industry
SUQIAN, CHINA - OCTOBER 6, 2024 - Illustration Tencent's plan to buy Ubisoft, Suqian, Jiangsu province, China, October 6, 2024. (Photo credit should read CFOTO/Future Publishing via Getty Images)
Ubisoft and Tencent are forming a new company that will take control of its most successful franchises: Assassin's Creed, Far Cry, and Rainbow Six
Kinich, a character in Genshin Impact, stands prepared to brawl with an enemy.
'Diabolical': Genshin Impact's English cast gives new VO the cold shoulder after he frames replacing a striking actor as an 'opportunity to carry the flame'
PC Gamer magazine issue 408 Doom: The Dark Ages
PC Gamer magazine's new issue is on sale now: Doom: The Dark Ages
Two brightly colored stormtroopers dressed like Run-DMC stand in front of PAX Australia's WELCOME HOME banner.
Tickets for PAX Australia 2025 are on sale now
Lara Croft Unified Art
Tomb Raider developer Crystal Dynamics lays off 17 employees 'to better align our current business needs and the studio's future success'
Monster Hunter Wilds' stockpile master studying a manifest
As layoffs and studio closures continue to deathroll the western AAA industry, analyst points out 5 of 8 major Japanese companies hit all-time share prices this year
Latest in News
A screenshot from SaGa Frontier 2, showing one of the protagonists wandering through a quaint fantasy village
One of Square Enix' most underrated PlayStation-era JRPGs just shadow dropped on Steam
The titular character from Princess Mononoke is depicted riding the wolf goddess Moro and carrying a spear.
Studio Ghibli AI image trend floods social media, cheered on by OpenAI and denounced by critics as an insult to Hayao Miyazaki
Marvel Rivals tier list - Wolverine
Marvel Rivals director says a future patch will reduce the shooter's insatiable hunger for RAM: 'It's a very big problem'
Hogwarts Legacy potions professor holding a potion
An unannounced Hogwarts Legacy expansion and 'definitive edition' have reportedly been cancelled
Story of Seasons - A cahacter in a purple tuxedo stands outside in a town square talking to the player
Story of Seasons is doing another Harvest Moon remake and it might be the best the series has ever looked
Assassin's Creed Shadows change seasons - An upper-body shot of Yasuke looking cheerfully up into the distance.
Assassin's Creed Shadows puts up the 'second highest day-one sales revenue in Assassin's Creed franchise history'