The Postal Service™ wants employees and contractors to remain vigilant about the ongoing threat of social engineering, one of the most common and effective tactics used by cybercriminals.
Social engineering involves manipulating individuals into revealing sensitive information such as passwords, financial data, or system credentials. Instead of exploiting technical vulnerabilities, attackers target human behavior — using deception, urgency, or trust to influence decisions.
These attacks continue to grow in sophistication and may appear as phishing emails, fraudulent text messages (smishing), phone calls (vishing). Cybercriminals often pose as coworkers, supervisors, or external partners to make their requests appear legitimate. The CyberSafe at USPS® team encourages employees and contractors to follow these best practices to reduce risk:
n Limit. Be cautious about sharing personal or work-related information online or in response to unsolicited requests.
n Verify. Always confirm the identity of the requester using official, trusted contact methods before sharing any information.
n Pause. Be alert to urgent or unexpected requests, especially those involving sensitive data or system access. Take time to assess before responding.
n Report. If you suspect a social engineering attempt on your USPS-issued device, report it immediately by calling the Cybersecurity Operations Center at 866-877-7247 or emailing CyberSafe@USPS.gov.
For additional information about social engineering, go to the Monthly Awareness Campaigns page on Blue at blue.usps.gov/cyber/comms-2024-archive.htm#accordion1s8.
— Corporate Information Security Office,
Chief Information Officer, 5-14-26
