Phishing Campaign Accessed Data for 15 Months at Multinational Shipping Company UPS
Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. "UPS is aware that some package recipients have received fraudulent text messages demanding payment before a package can be delivered," UPS said in a letter shared by Emsisoft threat analyst Brett Callow.
Following an internal review, UPS found that the attackers behind this ongoing SMS phishing campaign were using its package look-up tools to access delivery details, including the recipients' personal contact information, between February 2022 and April 2023.
April 15, 2023
No cost values disclosed.