Information Security

Holiday Phishing: Online Criminals Using Email Scams

graphic of keyboard showing a "Phishing" key

Employees are advised to watch out for emails that appear to be legitimate, but actually contain links to websites designed to steal your ID and password. They often link to sites that host malicious software or malware.

This type of scam is called “phishing” — a play on the word “fishing” — because the fraudsters are fishing for your personal information.

These phishing emails can appear to come from a financial institution, an eCommerce site, government agency, or business.

A typical phishing email urges you to act quickly — because your account has been compromised, your order cannot be fulfilled, or a similar matter. They often contain spelling errors and bad grammar. If you notice these mistakes, then the email could be a scam.

The Computer Incident Response Team advises employees to:

n Trust your instincts. If an email seems suspicious, delete it without opening.

n Watch out for attachments. Only open them if you know what they contain.

n Be cautious. Even if the email looks like it’s from someone you know, it could be from scammers.

n Don’t click on any links within the email.

n Don’t reply or respond to the emails in any way. Don’t request removal from the originator’s distribution list or unsubscribe. Replying lets the sender know that your email address is valid and can result in more messages.

n Forward suspect messages to ABUSE@usps.gov.