Information Security

Don’t Fall Victim to Phishing Emails

Most cyberattacks are traced back to a phishing email, which remains one of the most critical threats to the security of personal and corporate information.

Employees and contractors receive approximately 121 emails on any given workday, so it’s important to know what type of emails to look out for and how to report them.

One such phishing email scam is the return-to-email scam (see comptia.org/content/articles/what-is-phishing). This scam appears to come from an internal email address, and the sender asks you to act immediately. Urgent requests like this generally indicate a phishing email.

Vendor invoice fraud is another common phishing scam, which usually comes from a fake vendor account. Common tricks include hackers taking over an account, copying a vendor’s branding, and impersonating a legitimate vendor’s domain. Vendors complete the work, but the attackers will send a duplicate invoice or alter the payment amount.

The CyberSafe at USPS® team advises employees and contractors to take the following steps if they receive a suspicious email:

• Slow down. Evaluate messages, particularly those with “urgent” requests.

• Spell check. Spelling and grammar mistakes can indicate a phishing attempt.

• Be wary of attachments. Don’t open anything attached to a suspicious email.

• Verify senders. If an email is from an “[EXTERNAL]” address, proceed with extra caution (see blue.usps.gov/cyber/protect-your-inbox.htm).

• Hover but don’t click. Hover your cursor over a link to confirm that its hyperlinked description is accurate.

If you receive a suspicious email, select the email or emails and click the “Report to CyberSafe” button on the Outlook toolbar. If the email is already open, the button will appear in the email toolbar as well.

If the “Report to CyberSafe” button isn’t on your Outlook toolbar, you can install it: usps.servicenowservices.com/kb_view.do?sysparm_article=KB0046151.

For more information, visit the CyberSafe at USPS Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber) pages, as well as the Monthly Awareness Campaigns page at blue.usps.gov/cyber/communications.htm.