[dupe]
Actual report: https://akamai.com/blog/security-research/phishing-usps-mali...
Some more discussion: https://news.ycombinator.com/item?id=40194346
I got one of these messages literally moments before seeing this article. I always mark them Delete & Report Junk. It’s been years. Why can’t authorities stop this?
The Post Office leaves themselves open to this, because their site is at a level of tech that makes it hard to distinguish from a spam site from 5 years ago. It's too easy to make the phishing site look more legit than the actual site.
I recently left town for 1 month and got the post office to hold my mail. It was all delivered in bulk when I came back. Out of the huge bundle of 100 mail pieces, there was only 1 piece of mail that was not trash - a renewed car registration.
So for me, on average, 99% of mail goes right from USPS to the trash - in fact, I would probably pay a few dollars a month for a service which would automatically trash that 99% of mail for me.
That has me asking - what is the point of USPS these days? Is it just packages?
Many US government sites now have a clear banner at the top with a US flag and statement declaring "An official website of the United States Government." Some go further and include a link to expose an explanation for "here's how you know" that includes the statement "Official websites use .gov"
None of this appears on www.usps.com. www.usps.gov redirects to www.usps.com. Bare usps.gov does not (goes nowhere)
I wonder how much the phishing would decrease if the USPS website was served on usps.gov with the "an official website" and "how you know" seen on other official US gov't sites.