I get UPS phishing spam on my phone all the time. I never click on it, because it’s so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs.
Ted • June 23, 2023 3:11 PM
The suspense is killing me! Was it an exploited API that reveled shipment details – as Alex from the article speculated?
Or was the data leaked via the “Track by Reference Number” feature that allows people to potentially discover sequential number sequences – as Peter wondered?! (The UPS website does have updated messaging on that page.)
modem phonemes • June 26, 2023 8:53 AM
In another country, but this would make a good episode in Hamlsh Macbeth.
Rod • June 30, 2023 2:17 PM
It is not just SMS. Having a Canadian phone number has been very annoying in the past years. I don’t even accept phone calls anymore, 9 out of 10 are these phishing calls.
Wherever anti-phishing logic the telecom companies up here, it just doesn’t work well at all.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Jorgem • June 23, 2023 12:18 PM
Canada has had a federal privacy law for decades. The idea that a phone number can just accidentally “show up” in the UPS search tool suggests UPS isn’t taking privacy all that seriously. It’s probably something the Privacy Commissioner of Canada should be looking into.