Smishing Triad Targets India with Fraud Surge

Security

A recent surge in fraudulent smishing attacks impersonating India Post, the government-operated postal system, has prompted warnings from Indian authorities and cybersecurity experts. 

The Press Information Bureau (PIB) issued alerts in June urging vigilance against suspicious messages falsely claiming to be from India Post, part of India’s Ministry of Communications.

This tactic, known as smishing, involves sending deceptive SMS messages to trick users into divulging personal information or clicking on malicious links.

Cybersecurity firm Resecurity has now identified the perpetrators behind some of these campaigns as the Smishing Triad, a group known for sophisticated cyber fraud operations in multiple countries, including the US, UK, UAE and now India.

The Smishing Triad’s modus operandi involves registering fraudulent domain names that mimic legitimate organizations like India Post. By creating convincing but fake websites, they lure victims into disclosing sensitive information under false pretenses of updating delivery details. This information can be exploited for various malicious purposes, including financial fraud and identity theft.

According to Resecurity, the Smishing Triad recently intensified its operations in India, registering multiple deceptive domains such as inddiapost[.]top and indiapostyt[.]vip. These domains, identified across several hosting platforms, including Cloudflare and Tencent, aim to deceive users seeking legitimate postal services.

Resecurity warned that such attacks have significant implications not only for individual victims but also for national cybersecurity. Cyber espionage and data theft facilitated by large-scale smishing operations could potentially serve the interests of both cybercriminals and nation-state actors seeking to collect vast amounts of personal data.

To counter these threats, the company recommend avoiding clicking on suspicious links, verifying the authenticity of messages and promptly reporting any suspected fraud to law enforcement or cybersecurity agencies.

“In case you are skeptical of any emails, messages and calls, report it to authorities like PIB Fact Check or cyber police,” the company said. “Smartphone users also need to make sure that their devices are updated with the latest software.”

Read more on the Smishing Triad: China-Based Fraud Network Exposed

Products You May Like

Articles You May Like

EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform

Leave a Reply

Your email address will not be published. Required fields are marked *