The USPS is struggling with phishing attacks

USPS staff take the bait in phishing test

Phishing attacks are one of the most common ways to infiltrate a system.  And recent study by the U.S. Postal Service's Office of the Inspector General shows why.

According to the report, the OIG sent phishing emails of its own to 3,125 USPS employees, to see if staff would click on a potentially dangerous link -- and if they would report the suspect emails, as required by USPS policy. One in four recipients clicked on the link, and just seven percent reported the message that landed in their inbox.

Even among those who clicked on the phishing link, 90 percent failed to report the potential security breach. (Among IT staff, that figure was 91.5 percent; for management, 94.1 percent.)

The report also found that the vast majority of employees who received the email (95 percent) had not taken USPS’s annual information security awareness training, because only new hires and office employees are required to complete it.  Of the 789 employees who clicked on the phishing link, 750 had not received the training.  And OIG investigators noted that USPS’s training does not completely explain how to identify and report phishing emails.

USPS officials took issue with the report's characterization of the test results as a 93 percent failure -- saying that even with 7 percent of employees reporting the phishing email, the agency received more than 100 reports of the email within the first hour.

The OIG recommended that all USPS employees with network access take the annual information security awareness training.

About the Author

Derek Major is a former reporter for GCN.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected