Following the exposure of customer data used in SMS phishing, UPS reveals a data breach.

 Following the exposure of customer data used in SMS phishing, UPS reveals a data breach.

Canadian clients of international shipping corporation UPS are being warned that some of their personal information may have been misused in phishing attacks after potentially being made public through its online package look-up tools

The mails from UPS Canada, with the subject line "Fighting Phishing and Smishing - An Update from UPS," appear to be a warning to clients about the risks of phishing at first look.

The corporation slipped in a disclosure noting that it has been getting reports of SMS phishing messages containing the receivers' names and addresses, so it turns out that this is truly a data breach notification.

It turns out that this is actually a notification of a data breach, and the corporation slipped in a disclosure that it has been getting reports of SMS phishing messages that contained the recipients' names and addresses.

.

"Breach notifications must state exactly what they are from the beginning. The odds that they will be thrown out unread and serve no one by fluffing them out, according to Callow, were increased.

UPS collaborated with other parties in the delivery chain to identify how threat actors were gathering shipment information from their targets after receiving the phishing reports

Following an internal investigation, UPS discovered that between February 2022 and April 2023, the perpetrators of the ongoing SMS phishing effort used its package look-up tools to gain access to delivery information, including the receivers' personal contact information.

In order to counter these sophisticated phishing attempts, the organisation has now put in place safeguards to restrict access to this sensitive data.

To ensure openness and knowledge of the situation, UPS said it is informing anybody whose information may have been affected.

To ensure openness and knowledge of the situation, UPS said it is informing anybody whose information may have been affected.

"We are unable to tell you exactly when the misuse of our package look-up tools took place. From February 1, 2022, until April 24, 2023, it might have had an impact on some of the clients and parcels of a small number of shippers.

According to online sources, these phishing assaults have affected UPS customers all over the world. The threat actors used their names, phone numbers, and postal codes, as well as information on recent orders.

The threat actors are posing as Apple and LEGO shipments, with other companies probably also affected, according to a number of fraudulent SMS messages that BleepingComputer has seen and believes were received during this campaign.

When approached by BleepingComputer earlier today regarding the number of impacted customers and what other shippers were impersonated in the assaults, a UPS spokeswoman was not immediately available for comment.

The Internal Revenue Service (IRS) and the Federal Communications Commission (FCC) alerted Americans to a sharp increase in SMS phishing assaults in September and July, respectively.

The two federal agencies warned them to be on the lookout for text messages that came from shady sources, had dubious links, and frequently contained false or partial information.

After the report was published, a UPS spokeswoman offered the following statement:

When it comes to phishing and other bad actor attempts, we are continuously on guard. UPS is aware of reports of an SMS phishing ("Smishing") scheme targeted at a few Canadian shippers and their clients. In order to understand how the fraud was being carried out and to stop it, UPS has been collaborating with partners in the delivery chain as well as with law enforcement and other specialists. According to law enforcement, there has been an increase in smishing, which is affecting many different shippers and businesses.

UPS is issuing privacy incident notification letters to people in Canada whose information may have been impacted out of an abundance of caution. We encourage both our customers and other consumers to visit Fight Fraud | UPS - Canada to find out how they can protect themselves against attempts like these.