"Packets everywhere!" report about delivery abuse system and phishing
AI Analysis
Technical Summary
The "Packets everywhere!" report, published by CIRCL, describes a phishing campaign built on a delivery abuse system, that is, tooling that abuses parcel-delivery notifications as its lure, with SMS (smishing) as the main channel. The lures work because recipients expect and trust delivery notifications: a text claiming that a package is held, that a redelivery fee is due, or that an address must be confirmed prompts the target to open a link or enter personal and payment data. The landing pages harvest credentials and card details, and some variants attempt to install malware instead.

The activity is tagged with MITRE ATT&CK T1566 (Phishing); because the delivery channel is SMS rather than e-mail, it targets mobile users specifically. The event lists no affected product, version or patch, which is expected: this is a social-engineering campaign, not a software vulnerability, so there is no exploit to track beyond the phishing itself. CIRCL rates the threat level as low (MISP threat level 3) and marks the event as perpetual, meaning it documents ongoing activity rather than a single dated incident. The event is associated with France, which indicates where the reporting and the observed targeting are concentrated, not a technical limit on the lure.
Potential Impact
For European organizations, and French ones in particular, the exposure runs through employees and customers who receive SMS messages about parcel deliveries. The direct loss is credential theft and the payment-card or personal data entered on the phishing page, which feeds account takeover and financial fraud. Retail, logistics and e-commerce companies are the most exposed: their staff and customers handle delivery notifications daily, and their brands are the ones being impersonated. Credentials reused between personal and corporate accounts can turn a phished customer into a compromised employee, and from there into lateral movement, a data breach or a ransomware deployment. Because the attack is social engineering rather than an exploit, technical controls alone do not close it; user awareness and verification habits are decisive. The low severity rating reflects the limited direct technical impact, not the human-factor risk, which remains significant.
Mitigation Recommendations
Mitigation is mostly about people and process, with a few technical controls that make the people side workable:
- Run targeted awareness training on smishing, built around delivery-themed examples. The rule to teach is simple: never act on a link in an unsolicited SMS; open the carrier's own app or website and look up the tracking number there.
- Deploy SMS filtering where the organization controls the device (managed mobile fleets), and monitor for phishing indicators tied to delivery services, such as look-alike domains that embed a carrier's name, as well as any indicators attached to the CIRCL event.
- Enforce MFA, with a caveat: SMS one-time codes are themselves phishable, since a smishing kit can relay the code in real time, so prefer phishing-resistant factors (FIDO2 security keys or passkeys) for accounts that matter.
- Give the incident response team a low-friction channel for reporting suspicious SMS and treat reports as early warning: the same lure reported by several employees usually means a wider campaign against the organization.
- Work with mobile carriers to get malicious sender IDs and numbers blocked, and report impersonating domains for takedown.
- Review customer communication policy so that legitimate notifications are recognizable: a fixed sender identity, no payment links in SMS, and a published statement of what the organization will and will not ask for by text.
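To make the "monitor for phishing indicators related to delivery services" step concrete, here is an added example (my own illustration, not code from the CIRCL report or from this page's analysis) of a heuristic triage script for SMS text: it extracts links, checks whether each link lands under a known carrier domain, and scores the message on the lure signals typical of delivery smishing (carrier wording inside a non-carrier domain, bare IP links, shorteners, urgency, fee requests). The carrier domains (example-post.fr, example-express.com), the keyword lists and the sample messages are all constructed for this example and are not real observed indicators.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Everything below is constructed for this example. The carrier domains are
# placeholders, not real courier domains, and the keyword lists are deliberately
# short; a real deployment maintains its own allowlist and lexicon in the
# languages its users actually receive messages in.
LEGIT_DELIVERY_DOMAINS = {"example-post.fr", "example-express.com"}
BRAND_TOKENS = {"example-post", "examplepost", "example-express", "colis", "parcel", "livraison"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
DELIVERY_WORDS = re.compile(r"\b(colis|parcel|package|livraison|delivery|shipment|courier)\b", re.I)
URGENCY_WORDS = re.compile(
    r"(\b24\s?h\b|\b48\s?h\b|\bimmediately\b|\bimm[ée]diatement\b|\blast attempt\b|"
    r"\bderni[eè]re tentative\b|\bexpire)", re.I)
FEE_WORDS = re.compile(r"(€|\beur\b|\bfrais\b|\bfee\b|\bpay(?:ez|ment)?\b)", re.I)


def is_ip_literal(host: str) -> bool:
    """True when the link host is a bare IPv4/IPv6 address, which no courier uses."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Fine for .com/.fr; a public-suffix list is
    needed for ccSLDs such as co.uk, which this helper would cut down to 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def score_url(url: str) -> tuple[int, list[str]]:
    """Score one link. Links under a carrier's real domain score 0; everything else
    is judged on whether it borrows carrier wording, hides behind a shortener,
    or points at a raw IP."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return 0, []
    if is_ip_literal(host):
        return 3, [f"link points at a bare IP address ({host})"]
    domain = registrable_domain(host)
    if domain in LEGIT_DELIVERY_DOMAINS:
        return 0, []
    points, reasons = 0, []
    if domain in SHORTENERS:
        points += 2
        reasons.append(f"shortened link ({domain}) hides the real destination")
    if any(token in host for token in BRAND_TOKENS):
        points += 3
        reasons.append(f"carrier/delivery wording inside a non-carrier domain ({domain})")
    if url.lower().startswith("http://"):
        points += 1
        reasons.append("plain http link")
    return points, reasons


def analyze_sms(text: str) -> dict:
    """Combine text-level lure signals with per-link signals into a verdict.
    The thresholds are tuning values chosen for this example, not a standard."""
    score, reasons = 0, []
    urls = URL_RE.findall(text)
    themed = bool(DELIVERY_WORDS.search(text))
    if themed and urls:
        score += 1
        reasons.append("delivery-themed text carrying a link")
    if themed and URGENCY_WORDS.search(text):
        score += 1
        reasons.append("urgency wording")
    if themed and FEE_WORDS.search(text):
        score += 2
        reasons.append("asks the recipient to pay a fee")
    for url in urls:
        points, why = score_url(url)
        score += points
        reasons.extend(why)
    verdict = "likely smishing" if score >= 5 else "suspicious" if score >= 3 else "benign"
    return {"score": score, "verdict": verdict, "reasons": reasons, "urls": urls}


# Constructed sample messages (not real observed lures).
SAMPLE_MESSAGES = [
    "Example-Post : votre colis est en attente. Payez 1,95€ de frais de réexpédition "
    "sous 24h : https://example-post-livraison.com/track",
    "Example Express: your parcel is out for delivery and will arrive today. "
    "Track it at https://track.example-express.com/p/8812",
    "Package held at the depot. Confirm your address to release it: http://192.0.2.10/delivery",
    "Rappel : votre rendez-vous est confirmé demain à 10h.",
]


def triage(messages: list[str]) -> list[tuple[str, int]]:
    """Return (verdict, score) per message, in input order."""
    return [(r["verdict"], r["score"]) for r in map(analyze_sms, messages)]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = analyze_sms(msg)
        print(f"[{result['verdict']:>15}] score={result['score']} :: {msg[:60]}")
        for reason in result["reasons"]:
            print(f"    - {reason}")
```

Run it over messages exported from a managed-device MDM or forwarded to an abuse mailbox, and feed the "likely smishing" hits to the incident response channel described above. Two design limits to keep in mind: the allowlist check trusts anything under a carrier's registrable domain, so a compromised or dangling subdomain of a real carrier would pass, and the eTLD+1 helper has no public-suffix list, so ccSLD hosts need a library such as publicsuffix2 before this is used on real traffic. It is a triage aid for analysts, not a blocking filter.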
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium
Technical Details
- Threat Level: 3 (MISP scale: 1 = high, 2 = medium, 3 = low, 4 = undefined; consistent with the "low" assessment above)
- Analysis: 0 (MISP analysis level: 0 = initial, 1 = ongoing, 2 = complete)
- Original Timestamp: 1736758448 (Unix epoch, i.e. 2025-01-13 08:54:08 UTC)
Threat ID: 682acdbebbaf20d303f0c53a
Added to database: 5/19/2025, 6:20:46 AM
Last enriched: 7/2/2025, 7:12:56 AM
Last updated: 8/13/2025, 6:20:44 PM