India Post Phishing Attacks Linked to China-Based Group Smishing Triad

A China-based hacking group identified as Smishing Triad has unleashed a wave of text message phishing attacks on individuals in India, using the government-operated postal system as bait. The threat actors are specifically targeting iPhone users with deceptive text messages claiming that a package is waiting for them at an India Post warehouse. These messages contain malicious URLs that lead victims to fake websites designed to steal personal information.

According to a recent Fortinet FortiGuard Labs report, over 470 domain registrations mimicking India Post’s official domain were identified between January and July 2024, with the majority registered through Chinese and American domain registrars. Additionally, researchers at FortiGuard Labs uncovered phishing emails sent via iMessage using third-party email addresses like Hotmail, Gmail, and Yahoo to deliver the malicious content.

This trend of text-based phishing attacks extends beyond India, with recent incidents involving the US Postal Service and smishing attacks in the US targeting individuals for unpaid road tolls. Experts like Stephen Kowski, field CTO at SlashNext Email Security+, emphasize the importance of implementing comprehensive mobile web threat protection to combat these evolving tactics used by cybercriminals.

As mobile-first attacks continue to rise, organizations are urged to educate users on how to recognize and report suspicious messages while implementing robust security measures to detect and mitigate threats in real-time. By enhancing security controls on mobile devices, organizations can better safeguard users from falling victim to these sophisticated phishing campaigns targeting personal and corporate information.