By now, most Postal Service™ employees are familiar with phishing scams; however, a new scheme called “smishing” can also put sensitive information at risk.
Smishing is a phishing attack delivered through text message that contains a fraudulent link or attachment. Smishing is particularly threatening because people are more inclined to trust a text message than an email.
Often, smishing attacks are delivered from spoofed phone numbers, meaning the original sender’s number is changed to display messages from false identities.
There have been recent reports of smishing attempts on USPS-issued devices — particularly targeting the executive leadership team. These attacks are delivered from unknown senders and contain misleading texts regarding a USPS® parcel and a fraudulent link, as shown here:
Avoid smishing scams and keep the USPS network secure by following these tips:
n If in doubt, do not click. Do not open any link or attachment from a phone number you don’t have saved in your contacts list or if you cannot verify the sender.
n Filter messages. Filtering unknown senders will block notifications from unsaved phone numbers, decreasing the likelihood of falling for a smishing scam. To filter unknown numbers:
n Apple users: Go to Settings > Messages and toggle on the “Filter Unknown Senders” option. This will create an “Unknown Senders” tab in your Messages app.
n Android users: Go to Settings > Spam Message Settings and select the “Block Unknown Senders” option.
If you think you’ve been targeted by a smishing attempt, report the incident to the Cybersecurity Operations Center by calling 866-877-7247 or by emailing Cybersafe@usps.gov.
For more helpful tips about cybersecurity best practices, visit the CyberSafe at USPS® websites on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 5-6-21