Cybersecurity researchers at FortiGuard Labs have revealed that iPhone users in India are being targeted by a new wave of smishing attacks. These attacks involve fraudulent messages that pretend to be from India Post, a government postal system with a network of over 150,000 post offices across the country. The scam messages sent via iMessage falsely claim that a package is waiting at an India Post warehouse.

According to research conducted by FortiGuard Labs Threat Research Team, the campaign is being attributed to a China-based group known as the Smishing Triad. The group has previously targeted the US, UK, EU, UAE, KSA, and Pakistan, among other regions. Scammers use third-party email addresses such as Hotmail, Gmail, or Yahoo to send these phishing messages via iMessage. Once an Apple ID is created and configured for iMessage using these third-party emails, scammers can send fraudulent messages that appear to be legitimate.

FortiGuard Labs’ investigations have revealed a large number of newly registered domains being used for these phishing scams. Between January and July 2024, more than 470 domains mimicking India Post’s official domain were registered. Of these, 296 were registered through Chinese registrar Beijing Lanhai Jie Technology Co., Ltd. and 152 through US registrar Namesilo. The high concentration of registrations through Chinese registrars has raised concerns about underlying intentions.

One such phishing domain, indiapost(.)top, was found to be hosting a cloned copy of the official India Post website. The phishing site asks for sensitive information such as name, address, email ID and phone number, which can be used for further fraud, phishing emails, spreading misinformation or distributing malware. The fraudulent site also asks for debit/credit card information, demanding a small fee for re-delivery of the package.

The modus operandi of these threat actors involves sending messages via iMessage to the recipients’ registered Apple ID email addresses. This ensures that the message appears as an iMessage in the recipient’s Messages app, which is different from traditional email communication.

To reduce the risk of falling victim to such phishing scams, FortiGuard Labs recommends taking several precautions:

–Be alert to unexpected emails and messages, especially those that ask for personal information or request immediate action.
–Check URLs before clicking on links to make sure they point to a legitimate website.
–Ensure that websites use HTTPS, although HTTPS alone does not guarantee security.
–Avoid sharing sensitive information via email or messaging apps.
–Use strong, unique passwords and consider using a password manager.
–Enable multi-factor authentication (MFA) on accounts.
–Be cautious of attachments received from unknown sources.
–Keep software up to date with the latest security patches.
–Educate yourself about and recognize common phishing strategies.
–Report phishing attempts to the relevant authorities or service providers.

By following these recommendations, users can better protect themselves from falling victim to these sophisticated smishing attacks.