The USPS is struggling with phishing attacks

USPS staff take the bait in phishing test

Phishing attacks are one of the most common ways to infiltrate a system.  And recent study by the U.S. Postal Service's Office of the Inspector General shows why.

According to the report, the OIG sent phishing emails of its own to 3,125 USPS employees, to see if staff would click on a potentially dangerous link -- and if they would report the suspect emails, as required by USPS policy. One in four recipients clicked on the link, and just seven percent reported the message that landed in their inbox.

Even among those who clicked on the phishing link, 90 percent failed to report the potential security breach. (Among IT staff, that figure was 91.5 percent; for management, 94.1 percent.)

The report also found that the vast majority of employees who received the email (95 percent) had not taken USPS’s annual information security awareness training, because only new hires and office employees are required to complete it.  Of the 789 employees who clicked on the phishing link, 750 had not received the training.  And OIG investigators noted that USPS’s training does not completely explain how to identify and report phishing emails.

USPS officials took issue with the report's characterization of the test results as a 93 percent failure -- saying that even with 7 percent of employees reporting the phishing email, the agency received more than 100 reports of the email within the first hour.

The OIG recommended that all USPS employees with network access take the annual information security awareness training.

About the Author

Derek Major is a former reporter for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected