SMS phishing attack possible after UPS privacy incident (2023)

Sicherheit (Pexels, allgemeine Nutzung)[German]U.S. company United Parcel Service, better known under the abbreviation UPS, has experienced a data protection incident in which customer information was leaked. During package tracking, third parties were able to view more data about a package recipient than desired. As a result, customers are now falling victim to phishing text messages. UPS Canada is affected. The parcel service, which is also active in Germany, has probably communicated the whole thing to those affected in a rather idiosyncratic manner.


Advertising

United Parcel Service (UPS) of America, Inc. is a globally active US courier express parcel service company. UPS makes $74 billion in revenue (2019) and employs 496,000 people worldwide (2019). And UPS seems to have suffered a data privacy incident. A few hours ago, a tweet from security analyst Brett Callow already came to my attention.

UPS data breach notification

Brett Callow has received a postal letter from UPS-Canada, which at first glance looks like an education about phishing and smishing. The fourth paragraph states that UPS has noticed that customers are receiving fraudulent text messages. They would be asked to make payments so that the package could be delivered. This is a scam that is commonplace in Germany.

The question is how the senders of the phishing messages get the recipients of the addresses. But during an internal investigation, UPS has come to the conclusion, the letter says, that a weakness exists in the package tracking system. A person searching for a specific package can retrieve more information than intended from UPS. Among the data is the recipient's phone number, which can then be misused.

The colleagues at Bleeping Computer have since also picked it up in this article. The data leak probably only affects UPS Canada, but customers should be on their guard. If data such as phone numbers have been captured from third parties, they can also be misused. What is very special, however, is the way UPS packaged this data privacy incident to communicate the problem to its customers.


Advertising


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).