US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)
66 points by gennarro 17 days ago | 20 comments



Many US government sites now have a clear banner at the top with a US flag and statement declaring "An official website of the United States Government." Some go further and include a link to expose an explanation for "here's how you know" that includes the statement "Official websites use .gov"

None of this appears on www.usps.com. www.usps.gov redirects to www.usps.com. Bare usps.gov does not (goes nowhere)

I wonder how much the phishing would decrease if the USPS website was served on usps.gov with the "an official website" and "how you know" seen on other official US gov't sites.


I dunno, I think the phishing scammers could just copy the banner and change the "how you know" part to include a big green check mark that says "this site was verified to be the real USPS". I think most people who are falling for these phishing scams would also fall for a fake banner.


I just think the inconsistency is glaring. Would love to be a fly on the wall of what I expect/hope was a heated debate over why USPS, one of, if not the, top US government websites used by people in the US, should opt out of the anti-phishing tactics used by most other US gov't sites.

And for that matter, why does www.usps.gov redirect to the .com rather than vice-versa, and why does the bare usps.gov domain resolve to nothing? Who makes these decisions and how do they result in the opposite of what I (perhaps naively) would expect rational decision-makers to do?


A better solution would be for the government to seize the domains and arrest the scammers impersonating the post office or the IRS or any other governmental entity.


Seizing the domains is doable, but there's no guarantee the US has jurisdiction where the scammers are.


Literally true. OTOH, there's quite a bit that the US could do, in most cases. But that would require that the US actually care about the problem.

Don't hold your breath.



I got one of these messages literally moments before seeing this article. I always mark them Delete & Report Junk. It’s been years. Why can’t authorities stop this?


Maybe because these sites are hosted outside the US?

But to really stop this, USPS would need to buy all possible domains that start with USPS.*

That can get very expensive, thanks to ICANN. Plus the USPS has no $ due to what Bush II put in place when he was president and the GOP refusing to undo that change. I believe that was done to bust the union.


> USPS would need to buy all possible domains that start with USPS.*

Also not possible because: subdomains
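The point about subdomains is worth making concrete. The only part of a hostname a registrant actually buys is the registrable domain (one label to the left of the public suffix); every label further left is minted for free by whoever owns that domain. The script below is an added example, not code from the thread or from USPS, and it classifies where the string "usps" sits in a URL's hostname. It ships with a deliberately tiny, constructed subset of the Public Suffix List, and all hostnames other than usps.com and usps.gov are constructed for illustration and not claimed to exist.

```python
"""Added example: why buying every usps.<tld> cannot stop lookalike hosts.

Only the registrable domain is something a registrant pays for.  An attacker
who owns track-update.xyz can create usps.com.track-update.xyz at no cost,
and defensive registration of usps.* by USPS never touches that name.
"""
from urllib.parse import urlsplit

# Constructed, deliberately tiny subset of the Public Suffix List.  A real
# deployment must load the full list (for example via the publicsuffix2
# package); without it multi-label suffixes such as co.uk are misclassified.
PUBLIC_SUFFIXES = {"com", "net", "org", "gov", "xyz", "top", "co.uk"}

BRAND = "usps"
LEGIT_DOMAINS = {"usps.com", "usps.gov"}   # the two real USPS domains


def split_hostname(hostname):
    """Return (registrable_domain, subdomain_labels) for a hostname.

    Longest-suffix matching: scanning from the full name downward, the first
    suffix found in the table is the longest one, so co.uk wins over uk.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None, []          # the name is a bare public suffix
            return ".".join(labels[i - 1:]), labels[: i - 1]
    return None, labels                  # suffix unknown to our table


def classify(url):
    """Say where, if anywhere, the brand string sits in the URL's host."""
    parts = urlsplit(url if "://" in url else "//" + url)
    if "@" in parts.netloc:
        # https://www.usps.com@evil.top/ : everything before '@' is userinfo;
        # the browser actually connects to evil.top.
        return "userinfo-obfuscation"
    registrable, subs = split_hostname(parts.hostname or "")
    if registrable in LEGIT_DOMAINS:
        return "legitimate"
    if registrable is None:
        return "unresolvable"
    head = registrable.split(".")[0]     # the label the registrant chose
    if head == BRAND:
        return "brand-on-other-tld"      # usps.xyz: the only case usps.* buying covers
    if BRAND in head:
        return "lookalike-registrable"   # usps-redelivery.com: a separate purchase
    if any(BRAND in label for label in subs):
        return "brand-in-subdomain"      # usps.com.track-update.xyz: free for the attacker
    return "unrelated"


# Constructed sample set; only usps.com is real, the rest are illustrative.
SAMPLE_URLS = [
    "https://www.usps.com/",
    "https://tracking.usps.com/",
    "http://usps.xyz/redelivery",
    "https://usps.co.uk/",
    "https://usps-redelivery.com/track",
    "https://usps.com.track-update.xyz/",
    "https://www.usps.com@evil.top/login",
    "https://usps.invalid/",
]


def report(urls=SAMPLE_URLS):
    """Map each URL to its verdict; handy for feeding a blocklist or a SIEM rule."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:24} {url}")
```

Of the eight sample URLs, defensive registration of usps.* only helps with the two "brand-on-other-tld" cases; the lookalike, subdomain and userinfo cases all need detection on the receiving side (mail filters, browser warnings, user training) rather than purchases by USPS.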


The Post Office leaves themselves open to this, because their site is at a level of tech that makes it hard to distinguish from a spam site from 5 years ago. It's too easy to make the phishing site look more legit than the actual site.


I just went to https://www.usps.com/ and it looks perfectly fine. Loads quickly, layout is clean. Maybe this is a joke about modern webdev being terrible that has gone over my head?


It sort of is - the design looks bad, but you're right. The website loads too fast, almost. I would just move to usps.gov and maybe make the design look less like a template I could buy for $30.


How would that new design not become the next $30 template? Do we just have to redesign everything important every few years so they avoid the old/commodity look?


I would do what gov.uk does and just have a design that matches all the other government sites.


It is actually very easy to copy some HTML from a legit site for the purposes of a phishing campaign. I don't think improving the web design will help mitigate that, unless you mean moving all rendering to a canvas element and implementing all of the functionality of the site on some obfuscated VM.


You forgot the DRM requirement, making sure no one can just screenshot the whole canvas ;)

j/k, of course


I don't really think that's the problem. Not at all.

The problem is that USPS is an easy mass attack target since nearly 100% of people get mail.

If you want to phish people, you need to cast a wide net, and this one is the widest possible one.


What is their level of tech?


I recently left town for 1 month and got the post office to hold my mail. It was all delivered in bulk when I came back. Out of the huge bundle of 100 mail pieces, there was only 1 piece of mail that was not trash - a renewed car registration.

So for me, on average, 99% of mail goes right from USPS to the trash - in fact, I would probably pay a few dollars a month for a service which would automatically trash that 99% of mail for me.

That has me asking - what is the point of USPS these days? Is it just packages?



