The notorious Chinese Smishing Triad gang has expanded its phishing operations to target iPhone users in India, according to a new report by FortiGuard Labs. This sophisticated campaign uses iMessage as the delivery channel and impersonates the government-operated India Post to deceive users. The scammers send fraudulent iMessages claiming that a package is waiting for pickup at an India Post warehouse. The messages contain a short URL leading to a fake website that closely mimics the official India Post site.
Once on the counterfeit site, victims are prompted to enter sensitive personal information, including their name, residential address, email ID, and phone number. In some instances, the scammers also request credit card details under the guise of a small redelivery fee. The use of such deceptive tactics allows the attackers to gather valuable personal information, potentially leading to further fraud and identity theft.
FortiGuard Labs’ investigation revealed that between January and July 2024, over 470 domain names were registered to impersonate India Post’s official domain. Notably, 296 of these domains were registered through Beijing Lanhai Jiye Technology Co., Ltd., a Chinese registrar, raising concerns about the origins and intentions of the phishing campaign. This extensive operation suggests significant financial investment and planning by the Smishing Triad.
Experts, including Jason Soroko from Sectigo and Stephen Kowski from SlashNext Email Security+, highlight the growing sophistication of smishing attacks and stress the need for enhanced user awareness and security measures. To protect against such scams, users should be cautious of unexpected messages, verify URLs before clicking, and avoid sharing personal information through email or messaging apps. Implementing multi-factor authentication and keeping software up to date can also help safeguard against these sophisticated phishing threats.