In a surprising turn of events, UPS Canada has notified its customers of a data breach that potentially exposed their personal information, leading to an increase in targeted phishing attacks. Initially disguised as a warning about phishing threats, the letter (below) sent by UPS Canada revealed that the company had received reports of SMS phishing messages containing recipients' names and addresses. Upon investigation, UPS discovered that threat actors had accessed customer data, including contact information, by exploiting the company's package look-up tools between February 2022 and April 2023. UPS has since taken steps to enhance data security and is actively informing affected individuals of the breach.
Zach Capers, Senior Analyst at Capterra and Gartner weighed in on the incident and the scope of the threat:
“Recent reports indicate that UPS customers have been targeted by SMS phishing scams that leveraged the company’s package look-up tools to obtain names, phone numbers, and other information. According to Capterra research on U.S. workers, bogus package delivery scams are the second most common type of SMS phishing scam (reported by 49% of respondents) ranking only behind banking schemes (58%). SMS scams are also targeting businesses. Capterra reports high numbers of fake applicants, HR impersonation, and new hire phishing scams, 75% of which involve SMS phishing messages. It’s time that both consumers and businesses recognize the rising SMS phishing threat." ###