The inclusion of big-name brands in the domains of these UPS smishing campaigns suggests the perpetrators had the ability to focus their lookups on UPS customers who had recently ordered items from specific companies.

Attempts to visit these domains with a web browser failed, but loading them in a mobile device (or in my case, emulating a mobile device using a virtual machine and Developer Tools in Firefox) revealed the first stage of this smishing attack. Pivoting on the domain in the smishing message sent to Dylan shows the phishing domain shared an Internet host in Russia with nearly two dozen other smishing-related domains, including upsdeliveryinfo, legodeliveryinfo, adidascanadaltdcom, crocscanadafeeinfo, refw0234appleinfo, vista-printcanadainfo and telus-cainfo.

“A link is provided (often only after the customer responds to the text) which takes you to a captcha page, followed by a fraudulent payment collection page.”

“We’ve seen many of our customers targeted with a fraudulent UPS text message scheme after placing an order,” Josh said. Josh is a reader who works for a company that ships products to Canada, and in early January 2023 he inquired whether there was any information about a breach at UPS Canada.

“It seems likely to me that UPS is leaking information somehow about upcoming deliveries.”

“From searching the text of this phishing message, I can see that a lot of people have experienced this scam, which is more convincing because of the information the phishing text contains,” Dylan wrote. The message included his full name, phone number, and postal code, and urged him to click a link to mydeliveryfee-upsinfo and pay a $1.55 delivery fee that was supposedly required to deliver his Legos. In March 2023, a reader named Dylan from British Columbia wrote in to say he’d received one of these shipping fee scam messages not long after placing an order to buy gobs of building blocks directly from.

The written notice goes on to say UPS believes the data exposure “affected packages for a small group of shippers and some of their customers from Februto April 24, 2023.”

As early as April 2022, KrebsOnSecurity began receiving tips from Canadian readers who were puzzling over why they’d just received one of these SMS phishing messages that referenced information from a recent order they’d legitimately placed at an online retailer.

“Because this information could be misused by third parties, including potentially in a smishing scheme, UPS has taken steps to limit access to that information.”

“During that review, UPS discovered a method by which a person who searched for a particular package or misused a package look-up tool could obtain more information about the delivery, potentially including a recipient’s phone number,” the letter reads.

The recent letter from UPS about SMS phishers harvesting shipment details and phone numbers from its website.