Postal Service™ employees and contractors need to be aware of smishing (phishing through text message), and vishing (phishing through a phone call) threats appearing on USPS-issued mobile devices.
Cybercriminals continue to impersonate the Postal Service via text messages, which suggest a USPS® delivery requires a response (see linkstechnology.com/blog/smishing-scam-featuring-usps).
Vishing attacks also remain strong, with 70 percent of scam calls in the U.S. using number spoofing to appear as if the call is coming from a source you know and trust (see keepnetlabs.com/blog/vishing-statistics-2023-unmasking-the-voice-phishing-threat).
Unfortunately, some Postal Service employees have fallen for these scams in recent months. To avoid becoming a victim, the CyberSafe at USPS® team advises employees and contractors to follow these tips:
n Be suspicious of phone calls or text messages that request personal or business information — or require you to take immediate action.
n Don’t click on suspicious links in unexpected or unsolicited text messages.
n Be cautious of text messages from unknown phone numbers or numbers that don’t look real.
n Don’t reply to suspicious phone calls or text messages.
n Block notifications from unsaved phone numbers to decrease the likelihood of falling for a smishing scam. To filter unknown numbers:
n iPhone users: Go to Settings > Messages and toggle on the “Filter Unknown Senders” option. This will create a new tab in your Messages app called “Unknown Senders.”
n Android users: Go to Settings > tap “block numbers” and then toggle the button beside “block unknown callers” to green.
n Take your biennial Mobile Device Security training course before April 14, 2025, through MyHR at usps.csod.com.
For more information on smishing and vishing, go to the Monthly Awareness Campaigns page on Blue at blue.usps.gov/cyber/comms-2024-archive.htm#accordion1s10.
— Corporate Information Security Office,
Chief Information Officer, 4-3-25
