Postal Service™ employees and contractors must be suspicious of an ongoing threat called social engineering.
Social engineering is a tactic used by cybercriminals that involves tricking people into sharing confidential information such as passwords, credit card numbers, and login information. Instead of physically breaking into a system, social engineers coerce people into giving away sensitive information.
Social engineering attacks — one of the most common types of cyberattacks — are becoming more advanced based on evolving technology. These attacks can take many forms, including phishing emails, fake text messages, and impersonating legitimate USPS® personnel (see secureframe.com/blog/social-engineering-statistics).
Social engineering schemes target Postal Service employees and contractors with deceptive tactics that convince individuals to reveal sensitive information or compromise systems.
The CyberSafe at USPS® team advises employees and contractors to follow these best practices to avoid a social engineering attack:
n Limit. Be careful sharing information online about your family, job, or other personal details.
n Verify. If you receive a request for information, make sure the person or company is legitimate. Never send sensitive information if you are unsure.
n Report. If you think you are being targeted on your USPS-issued device, immediately contact the Cybersecurity Operations Center at 866-877-7247 or email CyberSafe@USPS.gov.
For more information about social engineering, go to the Monthly Awareness Campaigns page on Blue at blue.usps.gov/cyber/comms-2024-archive.htm#accordion1s8.
— Corporate Information Security Office,
Chief Information Officer, 5-1-25
