The USPS is struggling with phishing attacks

USPS staff take the bait in phishing test

Phishing attacks are one of the most common ways to infiltrate a system.  And recent study by the U.S. Postal Service's Office of the Inspector General shows why.

According to the report, the OIG sent phishing emails of its own to 3,125 USPS employees, to see if staff would click on a potentially dangerous link -- and if they would report the suspect emails, as required by USPS policy. One in four recipients clicked on the link, and just seven percent reported the message that landed in their inbox.

Even among those who clicked on the phishing link, 90 percent failed to report the potential security breach. (Among IT staff, that figure was 91.5 percent; for management, 94.1 percent.)

The report also found that the vast majority of employees who received the email (95 percent) had not taken USPS’s annual information security awareness training, because only new hires and office employees are required to complete it.  Of the 789 employees who clicked on the phishing link, 750 had not received the training.  And OIG investigators noted that USPS’s training does not completely explain how to identify and report phishing emails.

USPS officials took issue with the report's characterization of the test results as a 93 percent failure -- saying that even with 7 percent of employees reporting the phishing email, the agency received more than 100 reports of the email within the first hour.

The OIG recommended that all USPS employees with network access take the annual information security awareness training.

About the Author

Derek Major is a former reporter for GCN.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected