A recent paper by cybersecurity-focused firm Akamai has found that queries to suspicious domains impersonating the US Postal Service accounted for nearly as much internet traffic as those to the actual USPS in a four month span between 2023 and '24. The firm's conservative criteria for avoiding false positives, meanwhile, might mean that traffic to phishing sites was actually far greater than to the actual Postal Service.
Akamai collected one dataset of domains containing malicious JavaScript and HTML code with "usps" featured somewhere in the address, and a second set of domains with "usps" in the address that led somewhere other than the Postal Service's official IP range. Akamai's researchers noted that this method actually excluded a large number of potentially suspicious domains in the interest of avoiding false positives.
"Our harsh parameters meant that we were exceedingly conservative with our analysis," the paper explains. "Even so, we saw an extraordinary amount of malicious traffic, which makes the true impact of these impersonations astonishing.
"We could have definitely collected appreciably more malicious domains that impersonate the USPS, but it was critical that we avoided including false positives in this dataset."
"Although the USPS won with 51% of the total queries for this 5-month period in this analysis," Akamai's researchers write, "the way we filtered the data suggests that the malicious traffic significantly outweighs the legitimate traffic in the real world."
