Cybersecurity researchers at Akamai have uncovered a phishing campaign in which fake domains impersonate the United States U.S. Postal Service (USPS). Surprisingly, it gets as much traffic as the real one.

“The amount of traffic to the illegitimate domains was almost equal to the amount of traffic to legitimate domains on a normal day — and greatly exceeded legitimate traffic during the holidays.” – Akamai

From October 2023 to February 2024, the most popular malicious domains that Akamai discovered received nearly half a million queries, with two surpassing 150k each.

Domain nameQuery count* 

The researchers discovered that two domains got more than 100,000 hits each: usps-post[.]world and uspspost[.]me. Combined, these two are responsible for 29% of all malicious traffic.

The most popular top-level domains (TLDs) associated with phishing USPS-themed domains were:

TLDUnique domainsQuery count

The total queries generated by all malicious websites uncovered by Akamai’s research during the examined period is over 1,128,146, just short of the 1,181,235 queries recorded for the legitimate USPS site.

Buy Me A Coffee
Comparison of traffic to vs. to malicious domains that are impersonating the USPS

The following stats show that traffic to malicious domains between November to December was higher compared to the legitimate ones.

Ransomware Cripples London Hospitals, Cancels 800+ Surgeries in a Week

Not only is the traffic relatively equivalent on a typical day, but during some weeks, the malicious domains are getting more queries than itself. These peaks revolve around the Thanksgiving (Black Friday) and Christmas holidays, the highest delivery time of the year in the United States.