Smishing Threat Advisory: USPS Scam with Potential Links to China

Blog Author
Dan Verton

The Uptycs Threat Intelligence Team has uncovered a significant increase in the phishing campaign targeting the United States Postal Service (USPS). The severity of this USPS scam campaign has been deemed critical, with more than 1,400 live phishing websites discovered globally, potentially linked to Chinese threat actors.




The campaign is a classic example of 'smishing' — phishing via SMS. Victims are lured into divulging personal and financial information through fraudulent text messages and web links. These scammers employ tactics such as portraying themselves as government agencies, banks, or reputable organizations to appear authentic. 

The researchers note that they found Unicode strings that appear to be the work of Chinese threat actors. Based on their experience and observations, they consider it highly probable that this campaign is the work of Chinese threat actors.

The campaign has a global reach, with servers hosted in various countries including the U.S., Canada, Germany, China, Singapore, and Russia. Given its scale and sophistication, the Uptycs team has taken immediate action, blocking more than 1,050 indicators associated with this phishing operation. The Uptycs team advises the public to avoid suspicious links or texts, confirm the authenticity of unexpected messages, and install legitimate anti-malware software.

The USPS has issued a scam alert in response to this type of threat and reminds the public that it does not send unsolicited texts or emails containing links for tracking services. If you receive a suspicious text message but are expecting a package, do not click on any links. Report the suspicious message according to the instructions in the USPS scam article. Always visit the official USPS website directly for package tracking and information.




Major highlights of the Uptycs advisory

  • Expansive reach: The campaign is global in scale, with servers and domains hosted across multiple countries, including the United States, Canada, Germany, China, Singapore, and Russia.

  • Sophisticated smishing techniques: The attack is executed via smishing (SMS phishing), where victims receive text messages luring them to provide personal and financial information.

  • Elaborate deception: The phishing sites convincingly masquerade as USPS links. The process involves multiple steps, culminating in redirecting victims to the legitimate USPS website, creating a false sense of security.

  • Information harvesting: Personal details like names, addresses, and credit card information are collected, posing a severe risk of identity theft and financial fraud.