A recent surge in fraudulent smishing attacks impersonating India Post, the government-operated postal system, has prompted warnings from Indian authorities and cybersecurity experts.
The Press Information Bureau (PIB) issued alerts in June urging vigilance against suspicious messages falsely claiming to be from India Post, part of India’s Ministry of Communications.
This tactic, known as smishing, involves sending deceptive SMS messages to trick users into divulging personal information or clicking on malicious links.
Cybersecurity firm Resecurity has now identified the perpetrators behind some of these campaigns as the Smishing Triad, a group known for sophisticated cyber fraud operations in multiple countries, including the US, UK, UAE and now India.
The Smishing Triad’s modus operandi involves registering fraudulent domain names that mimic legitimate organizations like India Post. By creating convincing but fake websites, they lure victims into disclosing sensitive information under false pretenses of updating delivery details. This information can be exploited for various malicious purposes, including financial fraud and identity theft.
According to Resecurity, the Smishing Triad recently intensified its operations in India, registering multiple deceptive domains such as inddiapost[.]top and indiapostyt[.]vip. These domains, identified across several hosting platforms, including Cloudflare and Tencent, aim to deceive users seeking legitimate postal services.
Resecurity warned that such attacks have significant implications not only for individual victims but also for national cybersecurity. Cyber espionage and data theft facilitated by large-scale smishing operations could potentially serve the interests of both cybercriminals and nation-state actors seeking to collect vast amounts of personal data.
To counter these threats, the company recommend avoiding clicking on suspicious links, verifying the authenticity of messages and promptly reporting any suspected fraud to law enforcement or cybersecurity agencies.
“In case you are skeptical of any emails, messages and calls, report it to authorities like PIB Fact Check or cyber police,” the company said. “Smartphone users also need to make sure that their devices are updated with the latest software.”
Read more on the Smishing Triad: China-Based Fraud Network Exposed