As a USPS® employee or contractor, you are the first line of defense against social engineering attacks on USPS electronic devices, including laptops, mobile phones, and tablets. Social engineering describes a broad range of malicious activities that manipulate users into giving away sensitive information. Often disguised as trustworthy entities, cybercriminals will entice you to:
n Click a link;
n Open an attachment; or
n Provide personal information, such as a username and password.
Employees must remain vigilant against these types of attacks as they could harm USPS networks and operations. These social engineering threats are frequently used to steal personal information:
n Phishing. Impersonating a real system or organization using email, social media, or instant messaging to trick users via fake links or attachments.
n Spear phishing. Similar to phishing, but targets a limited number of users, like a specific individual or organization.
n SMShing. Using cell phone text messages that appear to be from a legitimate source.
n Vishing. Impersonating a reputable company using phone calls and voice messages to trick people into calling back.
n Pretexting. Using a fake identity or false circumstances to manipulate people.
While there is no single technique for differentiating these messages from legitimate ones, there are a number of clues you can look for, including:
n Mismatched URLs.
n Misleading domain names.
n Poor spelling and grammar.
n Offers that seem too good to be true.
n Requests for action on a task you didn’t initiate.
n Requests for personal information or money.
n Unrealistic threats.
If you suspect you have been targeted by a social engineering attempt, do not forward the message. Report the incident to the Cybersecurity Operations Center by:
n Clicking the “Report to CyberSafe” button in Outlook,
n Calling 866-877-7247, or
n Emailing Cybersafe@usps.gov.
For tips about identifying malicious messages, visit link.usps.com/2019/05/29/dont-get-hooked-2/. For cybersecurity information, visit the CyberSafe at USPS® websites on Blue (blue.usps.gov/cyber/) and LiteBlue (liteblue.usps.gov/cyber/).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 7-18-19
