US Postal Service Impersonation Scam: A Widescale Mobile Phishing Campaign
Attackers impersonating the US Postal Service (USPS) are striking again, this time in a large-scale mobile phishing campaign that exploits people’s trust in PDF files. The campaign uses a novel evasion tactic to steal credentials and compromise sensitive data in SMS phishing (smishing) attacks.
Smishing Campaign Discovered by Zimperium zLabs
Researchers at Zimperium zLabs have discovered a smishing campaign that uses malicious SMS messages informing people that their package can’t be delivered because of “incomplete address information,” they revealed in a recent report. The campaign is designed to trick users into divulging sensitive information.
The Need for Enterprise Security Measures
Indeed, organizations need to get a handle on the issue of unsecured mobile devices in the workplace, another expert says. To do this, notes Darren Guccione, CEO and co-founder at Keeper Security, they should adopt a layered security approach that combines employee education with the use of multifactor authentication (MFA) to prevent credential compromise even if a corporate user falls for an attack.
Zero-Trust Security Frameworks and PAM Solutions
As far as enterprise security goes, he explains, employing zero-trust security frameworks that use privileged access management (PAM) solutions can serve to further mitigate risks “by restricting access to sensitive systems, ensuring only authorized users can interact with critical data.”