Data breach notifications have been sent by UPS to its Canadian customers following the exploitation of their exposed personal data in ongoing SMS phishing attacks, BleepingComputer reports.
UPS had its package look-up tools leveraged by threat actors from February 2022 to April 2023 to secure recipients' personal contact details and other delivery information, which were then used in the smishing attacks, according to the multinational logistics company.
Attackers may have masqueraded as Apple and LEGO shipments in the campaign based on text messages examined by BleepingComputer.
"UPS has been working with partners in the delivery chain to understand how that fraud was being perpetrated, as well as with law enforcement and third-party experts to identify the cause of this scheme and to put a stop to it," said a UPS spokesperson.
The U.S. has been noted by the Internal Revenue Service and the Federal Communications Commission to be experiencing a significant increase in smishing attacks last year.