Loading....

USPS Directing Customers To A Fake Website

USPS Hijacked Domain

So, I went to the USPS the other day to drop-off a few packages.  While I was there, I inquired about PO Boxes.  The clerk handed me a pamphlet with details about how to apply for a PO Box.  The pamphlet didn’t list any prices though and instead, tells customers to visit a website for pricing info.:

[hr]

USPS Hijacked Domain
USPS Hijacked Domain

[hr]

Seems like a nifty little domain name someone involved in marketing came up with.  I first visited the site on my mobile device and got this:

[hr]

Fake Website
Fake Website

[hr]

That’s weird, why is the website calling me a ‘UPS Customer’, when I’m visiting a website the USPS told me to visit?  While I use Firefox with uBlock Origin ‘locked-down’ pretty tightly @ ads, redirects, etc. uBlock Origin still allowed that fake site through and the redirect to take place.  Also, look at the address bar — I’m not at ‘yourotheraddress dot com’ anymore, I’m at some ‘survey’ website.  Neat!

When I try visiting that page on an actual computer, using Firefox with NoScript and uBlock Origin, I get the following:

[hr]

Fake Shipping Website
Fake Shipping Website

[hr]

Someone’s clearly tried to make the page look like an ‘official’ shipping website, but that’s a pretty janky looking website — and definitely not the USPS’.

Keeping Javascript blocked, the site still redirects to the following landing/parked page:

[hr]

'yourotheraddress' Landing Page
‘yourotheraddress’ Landing Page

[hr]

And finally, if I enable Javascript, the site is able to load its remaining content, which uBlock Origin then detects the ad site doubleclick dot net:

[hr]

USPS Redirecting to Ad Sites
USPS Redirecting to Ad Sites

[hr]

So who owns this domain name?  Not the USPS.  If I do a whois lookup on the domain, it’s registered at a domain registrar in Shanghai and the server is located in Australia:

[hr]

USPS Domain Lost & Re-Registered in Shanghai
USPS Domain Lost & Re-Registered in Shanghai

[hr]

While I didn’t detect any immediate malware from these redirects, this is a pretty serious issue.  The USPS registered a domain name to use for advertising purposes.  In 2011, they forgot to (or just didn’t) renew the domain.  Someone else came along and bought it, taking over ownership.  That new owner has created a fake shipping website to try and make it look like what visitors expect, when they’re told to go there by the USPS.  Ads lead to malware, but more importantly, the owner of this domain can redirect visitors to anywhere they’d like.

So due to the USPS neglecting to keep hold of a domain  name they used in advertising, they’ve created a bit of a security hole and are putting customers at risk.

I contacted the USPS directly by phone and they referred me to a customer service department.  I was told this new department would be able to look into this and get to the bottom of it.  That wasn’t the case though.  When I spoke with customer service, they were a bit confused as to what I was explaining and simply asked that I go back to the USPS office where I was first handed the pamphlet, to let them know about the issue.

I tweeted USPS about this as well, but never heard back:

[hr]

[hr]

Since the USPS isn’t taking ownership of this issue and since they’re relying on me, a customer, to go around to each of the local post offices to tell them about this, there’s really nothing I can do other than bring this to the attention of those who utilize the USPS — specifically, anyone who inquires about a PO Box and wants to find out how much one costs.

The moral of this story — big companies, even the government, make major mistakes and let simple things fall through the cracks, putting individuals at risk.

I've been helping consignment storeowners since 2003. I started The Computer Peeps in February of 2010. After 15 years of working with consignment stores, I understand the unique challenges consignment and resale storeowners face. From electrical issues in old building or strip malls, to advocating for them when their consignment software keeps crashing. I now manage over 400 computer systems, servers, and websites for storeowners all across North America and I am the developer/programmer of our own consignment software, so we can help storeowners even more.

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*

Time limit is exhausted. Please reload CAPTCHA.

*

Back To Top