A sophisticated smishing campaign using fake USPS package delivery notifications led to significant data compromise. Security researcher Grant Smith unveiled that victims across the United States entered 438,669 unique credit cards into fraudulent domains. Moreover, over 50,000 email addresses, including university and government domains, were affected, revealing the vast reach and potential financial impact of the scam. The data breach facilitated by the Chinese-language group not only compromised individual financial data but also exposed at-risk populations, including military personnel, to potential fraud.
Source: https://www.wired.com/story/usps-scam-text-smishing-triad/
TPRM report: https://scoringcyber.rankiteo.com/company/usps-oig
"id": "usp001081924",
"linkid": "usps-oig",
"type": "Breach",
"date": "8/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'location': 'United States'}],
'attack_vector': 'Phishing',
'data_breach': {'number_of_records_exposed': ['438,669 credit cards',
'50,000 email addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Credit card information',
'Email addresses']},
'description': 'A sophisticated smishing campaign using fake USPS package '
'delivery notifications led to significant data compromise. '
'Security researcher Grant Smith unveiled that victims across '
'the United States entered 438,669 unique credit cards into '
'fraudulent domains. Moreover, over 50,000 email addresses, '
'including university and government domains, were affected, '
'revealing the vast reach and potential financial impact of '
'the scam. The data breach facilitated by the Chinese-language '
'group not only compromised individual financial data but also '
'exposed at-risk populations, including military personnel, to '
'potential fraud.',
'impact': {'data_compromised': ['Credit card information', 'Email addresses']},
'initial_access_broker': {'entry_point': 'Fake USPS package delivery '
'notifications',
'high_value_targets': ['University and government '
'domains',
'Military personnel']},
'motivation': 'Financial Gain',
'threat_actor': 'Chinese-language group',
'title': 'USPS Smishing Campaign',
'type': 'Smishing Campaign'}