高アクティブ
High Risk
75%
Package Delivery Smishing
SMS phishing impersonating couriers to steal payment info or install malware.
#phishing#smishing#mobile
脅威の概要
Smishing campaigns send fake delivery failure texts with links to credential pages or Android malware disguised as tracking apps.
攻撃の挙動
- Urgent delivery fee requests
- Fake tracking portals
- APK sideload prompts on mobile
感染経路
- SMS links
- QR codes on physical mailers
- WhatsApp forwarded messages
症状と指標
- Unexpected courier texts
- Browser redirects to payment gateways
- Unknown apps requesting SMS permissions
即時の緩和策
- Track packages only via official retailer or carrier sites
- Never install APKs from SMS links
削除ガイド
- Uninstall sideloaded apps
- Revoke SMS permissions
- Scan device with mobile security
予防方法
- Mobile web guard
- Disable unknown source installs on Android
テレメトリ指標
- Short-lived .top/.xyz tracking domains
- APK names mimicking DHL, UPS, FedEx
Spray-and-pray smishing targets random numbers hoping recipients have recent online orders.