This Phishmas, we expect to check delivery companies for package and delivery status. 

Hackers know this, and will use it to phish their victims. This example is no different. In here, the email comes from the salesperson at the store, trying to be helpful. The salesperson is saying that the USPS wasn't delivered, and attaches an email that claims to come from USPS. 

This is part two of the email. 


The link to "Receipt" goes to a OneDrive page, meaning the malicious content is hosted via the file-sharing platform. This is another example of The Static Expressway.

There's also a call to urgency, with an "overdue date" that will cost the recipient $5.25 a day in storage. 

Further, notice how they say you can ask for help at Note that the official USPS URL is