Phishing email and "Smishing" texts have become a daily annoyance for anyone with a smartphone or computer -- even our own team at ThreatSTOP isn't immune.  However, instead of just dodging these attempts, we leverage them to strengthen our proactive protections for customers. Recently, we encountered a smishing text directing recipients to a malicious domain masquerading as the USPS (United States Postal Service).  After investigating, we expanded our protections to cover not just one malicious domain but an entire network of fraudulent activity. 

When we receive a phish or smish, the first step is adding the domains they ask us to visit to our phishing targets. This ensures no one accidentally clicks those links again. But in some cases, like this USPS-themed phishing campaign, there’s more to uncover:

Using investigative tools like urlscan.io, we found that the phishing domain redirected users to a fake USPS tracking page. A deeper search of related domains revealed a pattern: hundreds of infotrackXXX.top URLs hosted on Cloudflare infrastructure, all mimicking USPS tracking notifications.

 - https://urlscan.io/result/7cfe664d-60dc-4018-a83f-4c11e49ed22f/

Thanks to ICANN’s Centralized Zone Data Service (CZDS), we discovered over 1,000 domains matching this pattern, with more registered every day. While some are occasionally inactive, our analysis confirmed that every active domain was a fake USPS site.

Building Proactive Protections

ThreatSTOP quickly blocked all identified domains across our products, providing comprehensive protection for millions of customers worldwide. Whether it’s businesses safeguarding their networks or individuals relying on our DNS solutions, our platform ensures threats like these never reach their targets:

  • DNS Defense Cloud users were shielded at the DNS layer through our cloud-based DNS servers.
  • DNS Defense customers, who manage their own DNS servers, gained the same proactive protections through seamless updates to their systems.
  • IP Defense extended protections to firewalls, routers, and other IP-based systems, ensuring these threats were neutralized at every level.

The beauty of our platform is how quickly we can respond. As new domains are registered in this campaign, our systems are updated automatically to block them, providing continuous protection against this evolving threat.

Holiday Readiness: Proactive, Not Reactive

This type of phishing campaign is especially timely as the holiday season approaches. With millions of Americans relying on USPS tracking notifications for gifts and packages, cybercriminals are exploiting this trend. But with ThreatSTOP, you can confidently move through this season knowing your systems are protected against these malicious campaigns.

At ThreatSTOP, we don’t just defend against threats—we turn them into opportunities to strengthen our protections. So, yes, we may even enjoy getting “smished” this time of year because every attempt against us becomes a proactive safeguard for you.

Connect with Customers, Disconnect from Risks

For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! Get started with a demo today!