[HN Gopher] SMS phishers harvested phone numbers, shipment data ...
___________________________________________________________________
SMS phishers harvested phone numbers, shipment data from UPS
tracking tool
Author : todsacerdoti
Score : 55 points
Date : 2023-06-22 19:16 UTC (3 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| waselighis wrote:
| My best guess would be a compromise of a 3rd party service that
| acts as an intermediary for UPS (and possibly other shipping
| providers) and serves Canadian businesses. Another possibility
| is, again, a 3rd party which collects data for businesses for
| marketing and analytics purposes, wherein the businesses are
| feeding the shipping info to these 3rd parties. Or maybe a 3rd
| party which sends out emails or texts containing the shipping
| info... It seems unlikely that UPS itself was compromised
| considering they're unable to determine how the phishers are
| acquiring the shipping info in the first place, especially given
| this phishing campaign ran for over two years.
| aftbit wrote:
| Many of these tracking numbers are actually enumerable if you
| know what to look for. All of their support staff are vulnerable
| to reasonable-sounding social engineering. Applying the former at
| scale is easy today, while the second requires more targeted
| attention.
| johncessna wrote:
| phishing
|
| whaling
|
| smishing
|
| pharming
|
| vishing
|
| spear phishing
|
| clone phishing
|
| snowshoeing
|
| Every year we get new ones, and I'm convinced it's so that
| companies can sell a new phishing training to corporations every
| year.
| asylteltine wrote:
| [dead]
| cosmiccatnap wrote:
| I'm surprised we still post articles from Krebs on here. I'm also
| surprised people think SMS is a safe mechanism for verification
| or validation.
| nielsbot wrote:
| Is Krebs bad?
| sprawl_ wrote:
| I received one of these letters and nearly tossed it out before
| noticing the buried lede in the middle of the fourth paragraph
| indicating that my information had been compromised.
| kalupa wrote:
| and I missed that paragraph entirely ... I've also received,
| what apparently matches the description of the "smishing" in
| the original article, attempts sent to me, too. They were, to
| me, so obviously scams (the hostnames were suspect) that it
| seemed unimportant to notice the _real_ tracking codes used.
|
| Now I'm more interested to know how this data leaked ...
| stef25 wrote:
| Some of these tracking websites (not UPS) require fairly simple
| data to reveal the sender & recipient.
|
| I'm sure with enough time & patience you could enumerate the hell
| out of them or use data from previous leaks to get your hands on
| the good stuff. It's all about rate limiting, but that can also
| be defeated pretty easily.
| waselighis wrote:
| That seems unlikely to me as UPS certainly would have spotted
| that kind of activity in their logs (enumerating). However, it
| may not be entirely impossible either. UPS tracking numbers are
| long but not completely random; they encode a lot of info about
| the shipment which can greatly reduce the search space.
|
| https://www.trackingmore.com/tracking-status-detail-en-238.h...
| stef25 wrote:
| Wasn't talking about UPS but smaller shipping companies here
| in EU.
___________________________________________________________________
(page generated 2023-06-22 23:00 UTC)