The Postal Service wants employees and contractors to watch out for phishing emails, which are how cyberattacks often originate.
A typical USPS employee or contractor with computer access receives about 120 emails on a given workday, so it’s important to know the types of messages to look out for and how to report them.
One recent example involves a message that appears to be from an internal source. However, the email is flagged as “[EXTERNAL]” and the message contains a pressing request such as “I require urgent help.”
Vendor invoice fraud is another phishing scam to avoid.
This occurs when an attacker takes over a vendor’s account, copying the company’s branding and impersonating its legitimate domain.
The CyberSafe at USPS team advises employees and contractors to take the following steps if they receive a suspicious email:
• Slow down. Evaluate the message, particularly if it has an “urgent” request.
• Check the spelling. Misspellings and grammar mistakes can indicate a phishing attempt.
• Be wary of attachments. Don’t open anything attached to a suspicious email.
• Verify the sender’s identity. If the email is from an “[EXTERNAL]” address, proceed with extra caution.
• Hover but don’t click. To ensure all hyperlinked descriptions are accurate, hover your cursor over the link to see the actual website or email address.
Employees and contractors should also select the suspicious email and click the Report to CyberSafe button on the Outlook toolbar. If the message is already open, the button will appear in the email toolbar.
The USPS ServiceNow website has instructions on installing the Report to CyberSafe button.
The CyberSafe at USPS Blue and LiteBlue pages have additional information.