top of page

Beware of the Bait: Malicious USPS Ad Fishing for Banking Credentials


In the ever-evolving landscape of cyber threats, phishing remains one of the most prevalent and effective tactics used by cybercriminals. A recent example of this is a malicious ad campaign masquerading as the United States Postal Service (USPS), aiming to steal banking credentials. This blog post will delve into the details of this campaign and provide tips on how to stay safe.

The Malicious USPS Ad Campaign: An Overview

The campaign involves a malicious ad that appears to be from the USPS. The ad prompts users to click on a link, supposedly to track a package or update delivery preferences. However, the link leads to a phishing site designed to steal banking credentials.

The phishing site is designed to look like a legitimate USPS website, complete with the USPS logo and branding. It asks users to log in with their USPS credentials and then requests sensitive information, including bank account details and social security numbers.

How the Scam Works

  1. The Bait: The user sees an ad that appears to be from the USPS. The ad may claim that there's a package waiting for them or that they need to update their delivery preferences.

  2. The Hook: When the user clicks on the ad, they're taken to a phishing site that looks like the USPS website.

  3. The Catch: The phishing site prompts the user to enter their USPS login details. It then asks for sensitive information, including banking credentials and social security numbers.

Implications and Protective Measures

This malicious ad campaign poses a significant threat to unsuspecting users. The theft of banking credentials can lead to financial loss, identity theft, and other serious consequences.

To protect yourself from this and similar threats, follow these tips:

  1. Be Skeptical: Be wary of unsolicited emails or ads asking you to click on a link or provide sensitive information.

  2. Check the URL: Before entering any information, check the URL of the site you're on. Make sure it's the official USPS website and not a phishing site.

  3. Use Two-Factor Authentication: Enable two-factor authentication on your accounts whenever possible. This adds an extra layer of security, making it harder for cybercriminals to gain access.

  4. Report Suspicious Activity: If you encounter a suspicious ad or email, report it to the USPS and your bank.


The malicious USPS ad campaign serves as a stark reminder of the ongoing threat of phishing. By staying vigilant and following best practices for online safety, we can protect ourselves from these cyber threats. Remember, when it comes to your personal information, it's always better to be safe than sorry.

Recent Posts

See All


bottom of page