UPS, one of the world’s largest shipping companies, has disclosed a data breach that may have exposed some of its Canadian customers’ personal information. The breach occurred after hackers exploited a vulnerability in UPS’s online package look-up tools and used the obtained data to launch SMS phishing (or smishing) attacks.
Read: How a Ransomware Attack on the University of Manchester Threatens Student Data
What happened?
According to a letter sent by UPS to its affected customers, hackers were able to access some information about the recipients of certain packages shipped by UPS in Canada between February 1, 2022 and April 24, 2023. The information potentially included the recipient’s name, shipment address, phone number, and order number.
The hackers then used the phone numbers to send fraudulent text messages to the recipients, pretending to be from UPS or other reputable brands such as Apple and Lego. The messages claimed that the recipients needed to pay a fee or confirm their identity before their package could be delivered and directed them to a malicious website that asked for their personal or financial information.
How to protect yourself?
If you are a UPS customer in Canada who received a letter from UPS about this data breach, take the following steps to protect yourself:
– Do not click on any links or open any attachments in any suspicious text messages or emails claiming to be from UPS or other brands.
– Do not provide any personal or financial information on any website that you do not trust or recognize.
– Monitor credit reports and bank statements for any signs of identity theft or fraud.
– Contact the local law enforcement agency if you believe you have been a victim of a smishing attack.
UPS has said that it is working with its partners in the delivery chain, law enforcement agencies, and third-party experts to investigate the cause of this data breach and prevent it from happening again. UPS has also advised its customers and general consumers to visit its Fight Fraud website to learn more about how to stay safe from phishing and smishing attacks.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Marques Thomas on Unsplash.
Facebook: Eagle Tech Corp
Instagram: @eagletech_corp
Twitter: @eagletechcorp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp