Postal Service™ employees and contractors need to beware of a common cybercrime known as phishing. Phishing is a scam where hackers send malicious emails created to coerce victims into revealing financial information, system credentials, and other sensitive information.
Cybercriminals use phishing emails because they’re easy to create and send out. They exploit human emotions such as fear and urgency to trick victims into revealing personally identifiable information (PII), including social security numbers, or clicking on fraudulent links.
To avoid falling for a phishing scam, USPS® asks employees and contractors to follow these tips:
n Slow down: Pause and evaluate messages before acting. Be wary of “urgent” requests.
n Verify senders: If an email is from an “[EXTERNAL]” address, proceed with extra caution.
n Hover — don’t click: Ensure all hyperlinked descriptions match their destination by hovering your mouse over the link.
n Beware of attachments: Don’t open or click on anything attached to a suspicious email.
n Spell check: Spelling and grammar mistakes can indicate a phishing attempt.
Spotting a phishing email is only the first step.
The next step is to report the message as follows:
n Click the “Report to CyberSafe” button in the Outlook toolbar.
n If you don’t see the “Report to CyberSafe” button, you can install the add-on by following the instructions on the USPS ServiceNow website at usps.servicenowservices.com/kb_view.do?sysparm_article=KB0046151&sysparm_use_polaris=false.
For more information on phishing, go to the Monthly Campaign page on Blue at blue.usps.gov/cyber/communications.htm#accordion1s10.
— Corporate Information Security Office,
Chief Information Officer, 1-8-26
