Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself

USPS.gov redirecting to USPS.com certainly doesn&#x27;t help matters.<p>Things like this should use one of the few TLDs that actually has policies and procedures in place; then it&#x27;s a simple &quot;if it&#x27;s not .gov, it&#x27;s not real.&quot;

Its not just in US, it happens in every country. SMS is the main way these links are distributed. So much so that in Sri Lanka, gov planned to add a centralized SMS firewall.<p><a href="https:&#x2F;&#x2F;economynext.com&#x2F;sri-lanka-to-study-infobip-centralized-sms-firewall-proposal-145888&#x2F;" rel="nofollow">https:&#x2F;&#x2F;economynext.com&#x2F;sri-lanka-to-study-infobip-centraliz...</a><p>Google messages have a good spam filter than can filter in real time them, but I have seen some get though for a small period of time.

&gt; We have found that the USPS is under attack from text scams<p>The core challenge of phishing attacks is that USPS is not, in fact, the primary victim of these attacks.<p>The victims are distributed citizens who fall for the scam. USPS doesn&#x27;t have very many levers available to them to address the attacks (besides a warning on their site, which they have), but also doesn&#x27;t &#x27;feel&#x27; the impact so would have a hard time justifying substantial investment in addressing it.<p>Ultimately the solution needs to come from regulatory regimes that target fraud, particularly SMS message spam.

I get no spam, until I send something...then it&#x27;s an avalanch for a few weeks then they dry up until next time I need DHL (or, indeed, any other carrier - €40 to send a registered letter, DHL priced themselves out of my budget).

Related from earlier this month:<p><i>USPS jumps to first place as most imitated brand in phishing attacks</i><p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39969527">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=39969527</a>

I&#x27;m disappointed by how little protection we&#x27;re getting against phishing campaigns. Google&#x27;s SafeSearch takes forever to process stuff, where presumably very quick response times are much more effective, Fastmail, despite being great in general, is _terrible_ at detecting phishing, Booking.com met my report of a phishing campaign over their site (hotel got hacked) with a &quot;it happens, we might talk to the hotel about it one day&quot; shrug, and banks and other institutions continue to send legitimate messages that look like phishing.

Reminds me of the fake police station in Do Androids Dream of Electric Sheep [1]. In order to keep up the pretense for three years, the androids have to take crime reports, do paperwork, and arrest perpetrators. In other words, they have to run an actual real police station. So perhaps the fake USPS sites should just start delivering the post!<p>[1] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Do_Androids_Dream_of_Electric_Sheep%3F" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Do_Androids_Dream_of_Electric_...</a>

Try posting on a relatively popular cryptocurrency Telegram group and will be receive a lot of messages and calls within 30&#x27;

Why don&#x27;t DNS providers offer anti-malicious-URL protection?

It might not change anything, but I think the criminal penalties for scams need to be significantly raised.<p>The idea of reaching out to someone you don&#x27;t know at all and attempting to steal their money by lying and betraying their confidence is morally disgusting. The type of people who can do this hundreds or thousands of times a day are criminals of the worst and least redeemable kind, yet if caught they would likely face a smaller penalty than someone who steals a single piece of jewelry from a store.<p>We are slowly losing our ability to trust each other because of the prevalence of scams which adds massive transaction costs to every legitimate exchange. These costs are unseen but they make almost everything we buy slower and more expensive.