[HN Gopher] SMS phishers harvested phone numbers, shipment data ...
___________________________________________________________________

SMS phishers harvested phone numbers, shipment data from UPS tracking
tool

Author : todsacerdoti
Score  : 55 points
Date   : 2023-06-22 19:16 UTC (3 hours ago)

(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)

| waselighis wrote:
| My best guess would be a compromise of a 3rd party service that
| acts as an intermediary for UPS (and possibly other shipping
| providers) and serves Canadian businesses. Another possibility
| is, again, a 3rd party which collects data for businesses for
| marketing and analytics purposes, wherein the businesses are
| feeding the shipping info to these 3rd parties. Or maybe a 3rd
| party which sends out emails or texts containing the shipping
| info... It seems unlikely that UPS itself was compromised
| considering they're unable to determine how the phishers are
| acquiring the shipping info in the first place, especially given
| this phishing campaign ran for over two years.

| aftbit wrote:
| Many of these tracking numbers are actually enumerable if you
| know what to look for. All of their support staff are vulnerable
| to reasonable sounding social engineering. Applying the former at
| scale is easy today, while the second requires more targeted
| attention.

| johncessna wrote:
| phishing
|
| whaling
|
| smishing
|
| pharming
|
| vishing
|
| spear phishing
|
| clone phishing
|
| snowshoeing
|
| Every year we get new ones, and I'm convinced it's so that
| companies can sell a new phishing training to corporations every
| year.

| asylteltine wrote:
| [dead]

| cosmiccatnap wrote:
| I'm surprised we still post articles from Krebs on here. I'm also
| surprised people think SMS is a safe mechanism for verification
| or validation

  | nielsbot wrote:
  | Is Krebs bad?

| sprawl_ wrote:
| I received one of these letters and nearly tossed it out before
| noticing the buried lede in the middle of the fourth paragraph
| indicating that my information had been compromised.

  | kalupa wrote:
  | and I missed that paragraph entirely ... I've also received,
  | what apparently matches the description of the "smishing" in
  | the original article, attempts sent to me, too. They were, to
  | me, so obviously scams (the hostnames were suspect) that it
  | seemed unimportant to notice the _real_ tracking codes used.
  |
  | Now I'm more interested to know how this data leaked ...

| stef25 wrote:
| Some of these tracking websites (not UPS) require fairly simple
| data to reveal the sender & recipient.
|
| I'm sure with enough time & patience you could enumerate the hell
| out of them or use data from previous leaks to get your hands on
| the good stuff. It's all about rate limiting, but that can also
| be defeated pretty easily.

  | waselighis wrote:
  | That seems unlikely to me as UPS certainly would have spotted
  | that kind of activity in their logs (enumerating). However, it
  | may not be entirely impossible either. UPS tracking numbers are
  | long but not completely random, they encode a lot of info about
  | the shipment which can greatly reduce the search space.
  |
  | https://www.trackingmore.com/tracking-status-detail-en-238.h...

    | stef25 wrote:
    | Wasn't talking about UPS but smaller shipping companies here
    | in EU.

___________________________________________________________________
(page generated 2023-06-22 23:00 UTC)