Postal Service employees and contractors must be suspicious of an ongoing threat called social engineering.
Social engineering is a tactic used by cybercriminals that involves tricking people into sharing confidential information such as passwords, credit card numbers, and login information. Instead of physically breaking into a system, social engineers coerce people into giving away sensitive information.
Social engineering attacks — one of the most common types of cyberattacks — are becoming more advanced based on evolving technology. These attacks can take many forms, including phishing emails, fake text messages, and impersonating legitimate USPS personnel (see secureframe.com/blog/social-engineering-statistics).
Social engineering schemes target Postal Service employees and contractors with deceptive tactics that convince individuals to reveal sensitive information or compromise systems.
The CyberSafe at USPS team advises employees and contractors to follow these best practices to avoid a social engineering attack:
- Limit. Be careful sharing information online about your family, job, or other personal details.
- Verify. If you receive a request for information, make sure the person or company is legitimate. Never send sensitive information if you are unsure.
- Report. If you think you are being targeted on your USPS-issued device, immediately contact the Cybersecurity Operations Center at 866-877-7247 or email CyberSafe@USPS.gov.
For more information about social engineering, go to the Monthly Awareness Campaigns page on Blue at blue.usps.gov/cyber/comms-2024-archive.htm#accordion1s8.
Postal Bulletin – May 1, 2025
Source: USPS