Management Instruction FM-640-2023-1 - Postal Bulletin 22669 - Contents Information Security Keep an Eye Out for Phishing Emails Phishing is a common cyberattack that targets individuals through email. USPS..." /> Management Instruction FM-640-2023-1 - Postal Bulletin 22669 - Contents Information Security Keep an Eye Out for Phishing Emails Phishing is a common cyberattack that targets individuals through email. USPS..." />
Link to "Environmental Management" Link to contents for "Organization Information"      Link to "Human Resources"

Information Security

Keep an Eye Out for Phishing Emails

Phishing is a common cyberattack that targets individuals through email. USPS® employees and contractors need to be suspicious of phishing emails because:

n Phishing is among the largest threats to cybersecurity.

n Phishing attacks increased by 34 percent in 2024 compared to 2023.

n There were 932,923 phishing attacks in the third quarter of 2024.

Phishing attacks are intended to steal personally identifiable information (PII), such as login passwords or financial information, and to trick a victim into sending money.

Here’s an example of a phishing email from the proofpoint website at (proofpoint.com/us/threat-reference/phishing):

“We regret to inform you that your account has been restricted. To continue using our services please download the file attached to this email and update your login information.”

You can tell this is a phishing email by the grammar errors, misspellings, and the sense of urgency this email demonstrates.

To help keep your inbox safe and to avoid falling victim to phishing attacks, follow these helpful tips:

n Slow down: Pause and evaluate messages before acting. Be wary of “urgent” requests.

n Verify senders: If an email is from an “[EXTERNAL]” address, proceed with extra caution.

n Hover — don’t click: Ensure all hyperlinked descriptions match their destination by hovering your mouse over the link.

n Beware of attachments: Don’t open or click on anything attached to a suspicious email.

n Spell check: Look for spelling and grammar mistakes. This can indicate a phishing attempt.

Recognizing a phishing email is only the first step. The next step is to report the message as follows:

n Select the suspicious email and click the Report to CyberSafe button on the Outlook toolbar. If the email is already open, the button will appear in the email toolbar as well.

n If you don’t see the “Report to CyberSafe” button in your Outlook toolbar, you can install the add-on by following these instructions on the USPS ServiceNow website at usps.servicenowservices.com/kb_view.do?sysparm_article=KB0046151&sysparm_use_polaris=false.

For more information on phishing, go to:

n CyberSafe page at blue.usps.gov/cyber; or

n CyberSafe page at liteblue.usps.gov/cyber.

— Corporate Information Security Officer,
Chief Information Officer, 2-6-25




Link to "Environmental Management" Link to contents for "Organization Information"      Link to "Human Resources"