There is a targeted text message phishing campaign occurring as of Jan 2, 2021. It is targeting those who have ordered products from apple.com.
What makes this attempt stand out from the rest is that it actually contains proper order numbers, your name, and is sent to your phone number that Apple has on file.
It presents as a text message that says there is a fee that needs to be paid to avoid delivery. It then includes a phishing link that actually does include the order number of your Apple order. However, note that the link is not a real UPS link. It will most likely bring you to a form to enter your personal info in an effort to steal it, so do not click the link. An example is seen below:
The text message may or may not be automatically detected and flagged as a spam message on your phone, and you will most likely get a text for each order number if you purchased more than one item from apple.com.
Other Apple users are reporting this as well.
All of the information used in the scam is available from the UPS shipping labels, so others are speculating that there is a leak somewhere in the distribution chain and that bad actors are getting hold of this legitimate information.
What to do if you get one of these messages
- Do not respond to it
- Do not click the link
What if I want to be extra safe and secure with this and future scams?
- Reset any related account passwords to a strong, unique password.
- Enable multi-factor authentication on the service so that even if someone had your password, they still would not be able to log in, as they would also need to click a verification on your phone, which you have in your possession. (Here is how to enable it for your Trent account.)
- Contact the organization via their phone number or email on their website. Make sure to not use any contact information provided within the scam message.
Review of the red flags of scam messages
- Be wary of any urgent sounding requests for personal information
- Make sure the sender matches the organization from which it claims to be sent. In this example 'upsexpress.click' does not equal the actual proper UPS address 'ups.com'.
- Look for spelling/grammar issues. Note that nowadays these are not as common in scam messages as they once were, so do not take proper spelling/grammar as a sign that everything is OK.
- Links can be hidden, so always hover your mouse over them to make sure they are going somewhere legitimate (or long-press them on your mobile devices to copy their links and have a look that way).
- If a link shortener such as bit.ly or owl.ly is in use, that may be a sign of a scam. In these cases you can confirm where the links are actually going using websites like https://wheregoes.com
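
The sender-matching and link-shortener checks above, written out as an added example (not part of the original post) of the kind a message filter could run. The expected-domain list, the function names and the sample message are assumptions made for illustration; the check compares the link's real host against 'ups.com' so that lookalikes such as 'upsexpress.click' or 'ups.com.upsexpress.click' do not pass.

```python
import re
from urllib.parse import urlsplit

# Assumed for this example: domains the claimed sender really uses, and the
# two link-shortener hosts named on this page.
EXPECTED_DOMAINS = {"ups.com"}
SHORTENERS = {"bit.ly", "owl.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message; the order number and path are made up.
SAMPLE_SMS = ("UPS: a fee is due on order W0000000000. "
              "Pay at https://upsexpress.click/pay?order=W0000000000.")


def link_host(url):
    """Host the link really goes to; drops any 'user@' prefix and port."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced '['
        return ""
    return host.rstrip(".").lower()


def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    host = link_host(url)
    if not host:
        return "unparseable"
    if any(belongs_to(host, d) for d in SHORTENERS):
        return "shortener"  # destination unknown until expanded
    if any(belongs_to(host, d) for d in EXPECTED_DOMAINS):
        return "expected"
    return "mismatch"


def review_message(text):
    """Return (url, verdict) for every http(s) link in a message body."""
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    return [(u, classify_link(u)) for u in urls]


if __name__ == "__main__":
    for url, verdict in review_message(SAMPLE_SMS):
        print(verdict, url)
```

A "shortener" verdict only means the destination is hidden; the expanded link still has to be checked the same way.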
Thanks to Stephen Willem, CISO at the University of Guelph, for discovering and sharing this information so quickly.
Stavros Tzagadouris - Level 1 Information Security Officer - Trent University