Management Alert - Active Smishing Campaign Masquerading as the U.S. Postal Service

Audit Reports

Dec

2020

Report Number:

21-018-R21

Report Type:

Audit Reports

Category: Security, Service Performance

Management Alert - Active Smishing Campaign Masquerading as the U.S. Postal Service

View PDF

Introduction

During our audit of the Integrity of Postal Service’s Social Media Presence, we found a smishing campaign that may have a significant negative impact on the Postal Service’s brand, reputation, and customer loyalty. Smishing is a mobile phishing attack that targets victims using text messages rather than emails. These messages appear to be sent by legitimate, trusted organizations like the Postal Service. Smishing attacks attempt to trick mobile users into clicking on links that are connected to fraudulent sites that could steal credentials or propagate malware.

Conclusion

We found the Postal Service had not informed the public of an active large-scale smishing campaign that used the Postal Service as a disguise. This malicious campaign could negatively impact the Postal Service’s brand, reputation, and customer loyalty.

Report Recommendations

#	Recommendation	Status	Value	Initial Management Response	USPS Proposed Resolution	OIG Response	Final Resolution
1	Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.	Closed	$0	Agree
2	Initiate a smishing awareness campaign through its social media platforms and USPS.com on the proper precautions posted on the U.S. Postal Inspection Service website.	Closed	$0	Agree

Breadcrumb

Audit Reports

Management Alert - Active Smishing Campaign Masquerading as the U.S. Postal Service

Report Recommendations