InfoSec Blog - Beware of Scam Text Messages
January 4, 2021
Be on the look out for text messages that appear to be from UPS advising you of an outstanding delivery charge for a recent order. This is a scam making the rounds using valid order information included on UPS shipping labels.
Over the weekend I received the following text messages related to purchases that I had recently made:
Android accurately detected these as scam messages on my phone, with the links going to a site trying gather personal information and credit card details. Normally I wouldn’t think twice about these messages and simply delete them. However in this case it was concerning that the text messages contained valid order information for orders that I had made recently at the Apple store. In October I ordered prizes for the winners of Cyber Security Roadshow events. These orders were made in the names of the winners and shipped directly to them, and these text messages included those names along with the correct order numbers. How could a scammer get the names of the winner, the valid order numbers shipped through UPS, and my phone number?!
After changing my Apple account password to ensure this wasn't an issue with my account, I did some further research and found that others were reporting similar scam activity on the Apple Discussions site - https://discussions.apple.com/thread/252111398. Several other Apple customers have received SMS messages similar to mine with valid order information. It appears that the common link is the UPS shipping label which includes all of this information including a phone number. This could mean that either Apple or UPS have a data leakage issue which is causing these scam text messages.
How to Recognize a Scam Message
- Scam messages often contain urgent requests for personal information with severe or unrealistic consequences for inaction;
- The sender does not match the organization from which it claims to be sent (e.g., your bank would never send an email from a Gmail account);
- Look for spelling and grammar errors;
- Be wary of offers that seem too good to be true;
- Hover over any embedded links to ensure they lead to a legitimate and expected location;
- Be very cautious of short URLs like bit.ly, owl.ly, etc., as you don’t know where these links will take you. Use a tool such as https://wheregoes.com/
What Can I Do?!
If you receive a message like this in the future you should take the following steps:
- Don't click the links and delete the message,
- Review your email account and/or any related online service accounts for unusual activity,
- Change the passwords for your email and/or related online service accounts,
- Set up multi-factor authentication if the service offers it (see https://twofactorauth.org/ for a full list of online services that offer 2FA), and
- If the message is in relation to a bank or credit card purchase, review your account and contact your bank if there are any unknown transactions or unusual activity
One final piece of advice with respect to shipping labels. When disposing of packaging from online orders, verify that no personal information or order information is visible. If there is, either remove the label or write over it with a permanent marker.
Written by: Stephen Willem (Chief Information Security Officer)