1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • UPS discloses data breach after exposed customer info used in SMS

    From TechnologyDaily@1337:1/100 to All on Thu Jun 22 14:15:03 2023
    UPS discloses data breach after exposed customer info used in SMS phishing

    Date:
    Thu, 22 Jun 2023 13:12:11 +0000

    Description:
    Watch out for that message from UPS asking for payment to approve the
    delivery of a parcel - its a scam.

    FULL STORY ======================================================================

    Global shipping giant UPS has confirmed it has experienced a data breach that may have exposed some customer data.

    According to Emsisoft threat analyst Brett Callow, who announced the
    discovery via Twitter , customers have been receiving a letter from UPS which says, UPS is aware that some package recipients have received fraudulent text messages demanding payment before a package can be delivered.

    Despite promises to be investigating via an internal review, and the subsequent revelation of how the scammer got hold of customer information,
    UPS has been scrutinized for the way it handled the event. UPS phishing scam results in data breach

    The letter from UPS Canada starts by generally describing phishing and smishing attacks, leaving it until halfway through before disclosing that
    some customers have actually been affected. It's unclear whether other
    regions that UPS operates in are also affected. Read more

    These are the best firewalls to stay safe


    Apple is the online store of choice for phishing scams


    This dangerous phishing attack is targeting Microsoft users everywhere, so
    be on your guard

    Callow said in the thread: This is not what a data breach notification should look like. They should immediately make clear what they are or else people will do what I almost did and put them in the recycling unread.

    UPS has confirmed that the attacker abused its package look-up tool to obtain information about the delivery, which it says potentially [included] a recipients phone number. The phishing scam uses victims phone numbers to demand payment for a package ahead of delivery.

    It is believed that details, including the recipients name, shipment address, and potentially phone number and order number were obtained between February 1, 2022 and April 24, 2023, over a period spanning more than a year.

    Bleeping Computer reports of numerous malicious messages, likely linked to this attack, that have been seen by the publication. It appears that the threat actor has posed as Apple and Lego, both of which are known for heavily using UPSs services for fast delivery.

    TechRadar Pro has asked UPS what it is doing to protect users and prevent future attacks, but the company did not immediately respond. For now, concerned users should consider using identity theft protection tools to keep on top of their personal data. Check out our roundup of the best malware removal tools

    Via Bleeping Computer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/ups-discloses-data-breach-after-exposed-customer -info-used-in-sms-phishing


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)