Breach cyber

USPS

Aug 19, 2024 1 min read
USPS

A sophisticated smishing campaign using fake USPS package delivery notifications led to significant data compromise. Security researcher Grant Smith unveiled that victims across the United States entered 438,669 unique credit cards into fraudulent domains. Moreover, over 50,000 email addresses, including university and government domains, were affected, revealing the vast reach and potential financial impact of the scam. The data breach facilitated by the Chinese-language group not only compromised individual financial data but also exposed at-risk populations, including military personnel, to potential fraud.

Source: https://www.wired.com/story/usps-scam-text-smishing-triad/

TPRM report: https://scoringcyber.rankiteo.com/company/usps-oig

"id": "usp001081924",
"linkid": "usps-oig",
"type": "Breach",
"date": "8/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'location': 'United States'}],
 'attack_vector': 'Phishing',
 'data_breach': {'number_of_records_exposed': ['438,669 credit cards',
                                               '50,000 email addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Credit card information',
                                              'Email addresses']},
 'description': 'A sophisticated smishing campaign using fake USPS package '
                'delivery notifications led to significant data compromise. '
                'Security researcher Grant Smith unveiled that victims across '
                'the United States entered 438,669 unique credit cards into '
                'fraudulent domains. Moreover, over 50,000 email addresses, '
                'including university and government domains, were affected, '
                'revealing the vast reach and potential financial impact of '
                'the scam. The data breach facilitated by the Chinese-language '
                'group not only compromised individual financial data but also '
                'exposed at-risk populations, including military personnel, to '
                'potential fraud.',
 'impact': {'data_compromised': ['Credit card information', 'Email addresses']},
 'initial_access_broker': {'entry_point': 'Fake USPS package delivery '
                                          'notifications',
                           'high_value_targets': ['University and government '
                                                  'domains',
                                                  'Military personnel']},
 'motivation': 'Financial Gain',
 'threat_actor': 'Chinese-language group',
 'title': 'USPS Smishing Campaign',
 'type': 'Smishing Campaign'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.