The USPS is struggling with phishing attacks

USPS staff take the bait in phishing test

Phishing attacks are one of the most common ways to infiltrate a system.  And recent study by the U.S. Postal Service's Office of the Inspector General shows why.

According to the report, the OIG sent phishing emails of its own to 3,125 USPS employees, to see if staff would click on a potentially dangerous link -- and if they would report the suspect emails, as required by USPS policy. One in four recipients clicked on the link, and just seven percent reported the message that landed in their inbox.

Even among those who clicked on the phishing link, 90 percent failed to report the potential security breach. (Among IT staff, that figure was 91.5 percent; for management, 94.1 percent.)

The report also found that the vast majority of employees who received the email (95 percent) had not taken USPS’s annual information security awareness training, because only new hires and office employees are required to complete it.  Of the 789 employees who clicked on the phishing link, 750 had not received the training.  And OIG investigators noted that USPS’s training does not completely explain how to identify and report phishing emails.

USPS officials took issue with the report's characterization of the test results as a 93 percent failure -- saying that even with 7 percent of employees reporting the phishing email, the agency received more than 100 reports of the email within the first hour.

The OIG recommended that all USPS employees with network access take the annual information security awareness training.

About the Author

Derek Major is a former reporter for GCN.

inside gcn

  • abstract view of data (agsandrew/

    Can quantum computing prevent an encryption meltdown?

Reader Comments

Tue, Oct 13, 2015 RapidGeek

100 reported emails are a great amount of reporting. The truth is that only one critical breach is required to jeopardize the entire computer or network.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group