Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

How to identify a USPS phishing email

calendar
menu book 6 min read

Despite how obvious their tactics might seem, phishing email scams still manage to harm people every day. Like all phishing scams, these scams focus on abusing people’s trust in legitimate institutions like the United States Postal Service. Scammers might try to steal your data, gain access to your finances, or attack your system with malware. However, with some awareness and some simple changes in your online behavior, you can easily protect yourself against these scams.

How to identify a USPS phishing email

Table of Contents

Table of Contents

What are the dangers of USPS phishing emails?

Unfortunately, USPS phishing scams are widespread and claim new victims daily. Simply by opening a suspicious email or clicking on a seemingly innocent link, these victims find themselves facing severe consequences, including:

  • Malware infections. An email hoax might include a link that will download a virus onto your device when you click on it. Viruses can infect your system and steal or destroy your data. Ransomware can lock you out of your files until you pay scammers a ransom for a decryption key.
  • Identity theft. A phishing attempt often contains links that bring unsuspecting recipients to fake landing sites, asking them to provide detailed personal information. While they look legitimate, these sites steal your information and then hackers may use it to open bank accounts, take out loans, or obtain credit cards in your name.
  • Redirection and manipulation. Scammers may try to access your USPS account to redirect your parcels to another location, where they can steal them. Similarly, phishing for your delivery information may allow them to run a brushing scam. Brushing involves ordering items in your name and then using these fake orders to “brush up” their sales numbers and post fake reviews in your name.
  • Monetary loss. Most phishing attacks are aimed at stealing your money. A link in an email may bring you to a fake landing site that looks like your bank’s website. When you think you’re logging in, you’re giving scammers access to your bank accounts. Likewise, scammers can steal your credit card numbers and then use them to make purchases for themselves.
  • Stress and insecurity. Having your personal information, data, and money threatened or taken from you can be incredibly stressful. Scammers’ actions also make their victims lose trust in institutions and feel much more insecure online.

How to spot a USPS phishing email

The US Postal Service states it will never ask people for money, passwords, or personal information through email. However, some fake emails still look legitimate, and people who don’t know how to spot them may be fooled.

Look for these key signs that an email is fake:

  • Suspicious subject line. The most common subject in USPS scam emails is “Delivery Failure Notification.” Other subjects that attempt to grab your attention, including those that seem urgent or are written in ALL CAPS, may be signs of an email hoax.
  • Sender address discrepancies. Look carefully at the sender address in the “From:” field. The USPS only uses email addresses that end in @usps.com or @uspis.gov. If you encounter addresses that are different or have additions like .com.ru, for example, these senders are not genuine. Identifying these incorrect sender addresses can help you catch USPS email scams before they do any damage.
  • Grammar and spelling errors. Professionals standardize and double-check USPS messaging. Sloppy grammar, spelling, and punctuation in an email can indicate that it was sent by scammers who spent more time planning their scheme than checking their writing.
  • Mentions of large amounts of money. While the USPS may know the general contents of a package for security reasons, the specific contents are private. Therefore, the USPS or the postmaster general will never contact you to tell you that you’ve been sent a large cheque or money order. Text messages like this are scams trying to manipulate you with tantalizingly large amounts ooney.
  • Pressure tactics. Emails that urge the recipient to take immediate action to avoid dire consequences can create pressure to take action. However, the USPS will never use these pressure tactics to scare customers into action.
  • Tracking number discrepancies. A USPS tracking phishing email will frequently quote a tracking number of an incoming package supposedly on its way to you. You can always copy the tracking number you receive in a suspicious email and crosscheck it with USPS to ensure it’s real. However, never click on links in a suspicious email, especially if the tracking number is the link. You might be directed to a phishing website if you do.
  • Sender address formatting errors. The USPS uses a specific format for sender and receiver addresses. It could be a scam if you’re given a sender address that doesn’t match, or your shipping address appears in the wrong format.
  • Suspicious links. Real USPS emails will invite you to go to the postal service website or app and log in to check details or track packages. They won’t usually include click-through links. You can also hover your mouse (carefully) over the links in an email to see where they lead. If the website looks suspicious and unofficial, don’t click on it.

Examples of USPS phishing

The USPS warns of several different scams that have affected its customers in the past and may continue into the present day. Some of the more common scams include:

Postal service email scams

The United States Postal Service is a popular scam target because of its numerous services and use nationwide. Scammers depend on people’s perception of the USPS as a complex, confusing system that’s prone to errors. That’s why they’ll acquire email addresses illegally and then send emails that ask for more information, logins, and even payments through fake links. They’ll also tell recipients they have a package waiting at the post office, and they just need to provide information to arrange delivery.

Delivery failure email scam

With many people ordering items online, a delivery failure notice can be the perfect cover for a scam. This email scam manipulates the receiver’s sense of urgency by making them worry and then offering a quick and easy solution to the problem. However, when they click the link provided to amend the delivery failure, they may fall prey to malware or personal data theft.

Smishing scams

Smishing, or SMS phishing, is a scam that uses SMS text messages to phish on mobile devices like your tablet or cell phone. These scams involve sending SMS messages to people’s phones, often with highly attention-grabbing notifications telling them there is a problem with their account or a package delivery. These text messages typically include links to malicious websites that ask for login details and personal or financial information, which is then stolen by the scammers. A deceptive text message will often come from unknown senders, use poor grammar, and contain suspicious links.

How to protect yourself from USPS phishing emails

Scammers will continue preying on the uninformed, so knowing how to protect yourself from phishing emails is your best weapon in combating this threat. Here are some steps to follow when you receive an email or text message that’s unusual or unexpected:

  1. Don’t rush to open it or take action. Scammers use psychological pressure techniques to make you believe you must take urgent action or you’ll be in trouble.
  2. Look for the critical signs listed above that could indicate a scam.
  3. Use available USPS tools to check tracking numbers and other questionable information.
  4. Don’t click on links or click to download attachments. These could contain viruses or malware or lead to websites that could steal your information.
  5. Never fill out forms or otherwise give your personal or financial information to websites you don’t recognize or trust. Use only official websites and apps to communicate with the USPS.
  6. Don’t reply to a suspicious email or SMS text message. If you think it might represent a scam, you can instead report any phishing email to USPS.
  7. Use a reliable anti-malware tool. For example, NordVPN offers its Threat Protection Pro anti-malware feature that warns you about potential scams and fraud, and alerts you about zero-day phishing attacks.

As a best practice, never open an email or message from a sender you don’t recognize or that seems suspicious. Instead, you can report them as spam within your email provider or simply delete them.

How to report USPS phishing emails

The USPS works constantly to provide its services reliably, communicate clearly, and prevent scammers from manipulating its customers. To help stop email scams, the organization has dedicated phone numbers and email addresses for USPS phishing email reporting.

If you receive what you think is a fake USPS email, you can forward it to spam@uspis.gov. You can report emails unrelated to the USPS to the Federal Trade Commission. After reporting these potentially dangerous emails, you should delete them permanently.

If you receive what you suspect is a smishing text message, you can forward it to 7726. To report USPS-related smishing, copy the body of the SMS message, include relevant details, and send it to spam@uspis.gov. You can forward smishing text messages unrelated to the USPS to 7726 and report them to the Federal Trade Commission.