During the 2023 holiday season, there was a notable rise in DNS queries to fraudulent domains mimicking the USPS, with traffic nearly matching that of the official USPS site.

These deceptive 'combosquatting' domains are designed to conduct phishing schemes, aiming to harvest personal information or mislead individuals into making payments.

The counterfeit USPS websites are sophisticated replicas, complete with a bogus postage items shop, attracting unsuspecting victims.

The most common top-level domains used for these phishing sites are .com, .top, and .shop.

Analysis indicates that traffic to these malicious USPS-themed domains surpassed that to the genuine site from November to December, highlighting the escalation of such cyber threats during the holidays.

Consumers are urged to remain vigilant against unsolicited messages regarding package deliveries and to confirm the authenticity of such communications by directly visiting the official USPS website.