![](\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/smishmas-cheer-turning-threats-into-protections.png?resize=640%2C968&ssl=1\")
<\/p>\nPhishing email and “Smishing” texts have become a daily annoyance for anyone with a smartphone or computer — even our own team at ThreatSTOP isn’t immune. However, instead of just dodging these attempts, we leverage them to strengthen our proactive protections for customers. Recently, we encountered a smishing text directing recipients to a malicious domain masquerading as the USPS (United States Postal Service). After investigating, we expanded our protections to cover not just one malicious domain but an entire network of fraudulent activity. <\/p>\n
<\/p>\n
When we receive a phish or smish, the first step is adding the domains they ask us to visit to our phishing targets. This ensures no one accidentally clicks those links again. But in some cases, like this USPS-themed phishing campaign, there\u2019s more to uncover:<\/p>\n
<\/p>\n
Using investigative tools like urlscan.io<\/strong>, we found that the phishing domain redirected users to a fake USPS tracking page. A deeper search of related domains revealed a pattern: hundreds of infotrackXXX.top<\/strong> URLs hosted on Cloudflare infrastructure, all mimicking USPS tracking notifications.<\/p>\n – https:\/\/urlscan.io\/result\/7cfe664d-60dc-4018-a83f-4c11e49ed22f\/<\/a><\/p>\n Thanks to ICANN\u2019s Centralized Zone Data Service (CZDS<\/a>)<\/span>, we discovered over 1,000 domains matching this pattern, with more registered every day. While some are occasionally inactive, our analysis confirmed that every active domain was a fake USPS site.<\/p>\n Building Proactive Protections<\/p>\n ThreatSTOP quickly blocked all identified domains across our products, providing comprehensive protection for millions of customers worldwide. Whether it\u2019s businesses safeguarding their networks or individuals relying on our DNS solutions, our platform ensures threats like these never reach their targets:<\/p>\n The beauty of our platform is how quickly we can respond. As new domains are registered in this campaign, our systems are updated automatically to block them, providing continuous protection against this evolving threat.<\/p>\n Holiday Readiness: Proactive, Not Reactive<\/strong><\/p>\n This type of phishing campaign is especially timely as the holiday season approaches. With millions of Americans relying on USPS tracking notifications for gifts and packages, cybercriminals are exploiting this trend. But with ThreatSTOP, you can confidently move through this season knowing your systems are protected against these malicious campaigns.<\/p>\n At ThreatSTOP, we don\u2019t just defend against threats\u2014we turn them into opportunities to strengthen our protections. So, yes, we may even enjoy getting \u201csmished\u201d this time of year because every attempt against us becomes a proactive safeguard for you.<\/p>\n Connect with Customers, Disconnect from Risks<\/strong><\/p>\n For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page<\/a>. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! Get started with a demo today!<\/p>\n Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Phishing email and “Smishing” texts have become a daily annoyance<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[30,62,215,216,61,1069],"tags":[1071],"class_list":["post-6332","post","type-post","status-publish","format-standard","hentry","category-dns","category-dns-security","category-passive-dns","category-pdns","category-protective-dns","category-smishing","tag-smishing"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Threat Stop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/threatstop\/"},"category_info":"DNS<\/a> DNS Security<\/a> Passive DNS<\/a> PDNS<\/a> Protective DNS<\/a> Smishing<\/a>","tag_info":"Smishing","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6332"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6332\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![](\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/smishmas-cheer-turning-threats-into-protections-1.png?resize=640%2C480&ssl=1\")
<\/p>\n\n