In the midst of all the scams doing the rounds, a new scam is now targeting iPhone users. The new India Post scam, which the FortiGuard Labs Threat Research team attributes to a China-based threat actor known as the Smishing Triad, involves iPhone users receiving a message claiming to be from India Post. The iMessage falsely claims that a package is waiting at an India Post warehouse.
FortiGuard Labs has stated that the Smishing Triad has also targeted other regions, including the US, UK, EU, UAE, KSA, and, most recently, Pakistan. “Phishing scams are becoming increasingly sophisticated, making it essential for everyone to stay vigilant and take proactive steps to protect themselves,” says Vishak Raman, Vice President of Sales, India, SAARC, SEA & ANZ at Fortinet. “To stay safe, always verify the authenticity of any unexpected messages and avoid sharing personal information through email or messaging apps. Use strong, unique passwords and enable multi-factor authentication on your accounts. Keeping your software updated and staying informed about the latest phishing tactics are also crucial.”
How the India Post Scam Works
The India Post scam usually involves scammers sending a message through iMessage directly to the recipient’s registered Apple ID email address. The sender ID could be a newly registered Apple ID or a compromised account, says FortiGuard Labs. This method is hard to identify because the message appears within the recipient’s Messages app as an iMessage rather than as a traditional email, provided both parties use iMessage-enabled devices and have their Apple IDs configured for iMessage.
“Your package has arrived at the warehouse and we attempted delivery twice but were unable to due to incomplete address information. Please update your address details within 48 hours, otherwise your package will be returned. Please update the address in the link. After the update is completed we will re-deliver within 24 hours, India Post,” says the message.
Once the user clicks the link in the message, they are directed to a fraudulent website that mimics the official India Post site. Here, they are asked to provide personal information, including their name, address, email ID, and phone number. The site then requests debit or credit card details for a supposed redelivery fee of INR 25.02, leading to potential financial theft and further exploitation of the collected data, says the FortiGuard Labs’ research.
India Post has, however, cautioned the public to beware of such messages, and has advised iPhone users to immediately report them on the Sanchar Saathi portal. “India Post will never request payment via SMS links for package delivery. Be wary of suspicious links and do not click on them. If you encounter any such calls, messages, or emails, report them immediately at the Chakshu Portal,” says a message from India Post.
Fraudulent Domain Registrations and Hosting
FortiGuard Labs discovered the phishing domain ‘indiapost[.]top,’ which impersonates India Post through a cloned copy of the official website. The domain’s root does not host any content; instead, specific paths on the domain are used to host the phishing pages.
Between January and July 2024, over 470 domains were registered to impersonate India Post, with a significant number (296) registered through a Chinese registrar, Beijing Lanhai Jiye Technology Co., Ltd. This high concentration of registrations through a Chinese registrar raises concerns about the intentions behind these activities. The top-level domains (TLDs) frequently used include ‘vip,’ ‘top,’ and ‘buzz,’ with registration costs varying from USD 1 to USD 5 per domain.
The investment in domain registrations alone exceeds USD 1,500, highlighting the scale and commitment of the phishing operation. This financial outlay, combined with hosting and development costs, underscores the significant threat posed by these scams. The campaign’s scale suggests that numerous victims are likely to fall prey, resulting in substantial financial losses and data breaches.
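The two technical points above, the redelivery lure that sends victims to a cloned India Post site and the pattern of lookalike domains registered under ‘vip,’ ‘top,’ and ‘buzz,’ lend themselves to a simple defensive check. The following Python script is an added example written for this article; it is not code from FortiGuard Labs, Fortinet or India Post. It scans constructed web-proxy log lines, extracts the host of each visited URL, and flags hosts that carry the India Post brand string but are not under the legitimate domain, rating those on the TLDs named in the article as high severity. The sample log lines, the user IDs in them, and the treatment of `indiapost.gov.in` as the sole legitimate domain are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: the official site lives under indiapost.gov.in
# and nothing else should be treated as legitimate.
LEGITIMATE_DOMAINS = {"indiapost.gov.in"}

# TLDs the article reports as heavily used by the campaign.
SUSPECT_TLDS = {"top", "vip", "buzz"}

# Brand strings compared after hyphens are stripped, so "india-post" matches.
BRAND_TOKENS = ("indiapost", "indpost")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample proxy log lines (timestamp, user, method, URL, status).
LOG_LINES = [
    "2024-07-02T09:14:03Z u1 GET https://www.indiapost.gov.in/track 200",
    "2024-07-02T09:15:11Z u2 GET https://indiapost.top/in/address/update 200",
    "2024-07-02T09:16:40Z u3 GET https://india-post.vip/redelivery 200",
    "2024-07-02T09:17:05Z u4 GET https://example.com/ 200",
    "2024-07-02T09:18:22Z u5 GET https://indiapost-track.co/update 200",
]


def host_of(url: str) -> str:
    """Return the lowercase hostname of a URL, or '' if it cannot be parsed."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower().rstrip(".")


def is_legitimate(host: str) -> bool:
    """True only for the legitimate domain itself or a subdomain of it.

    A plain substring test would be fooled by hosts such as
    indiapost.gov.in.evil.top, so the comparison is anchored at the end.
    """
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def classify_host(host: str) -> str:
    """Classify a host as legitimate, lookalike-high, lookalike or other."""
    if not host:
        return "invalid"
    if is_legitimate(host):
        return "legitimate"
    flattened = host.replace("-", "")
    if not any(token in flattened for token in BRAND_TOKENS):
        return "other"
    tld = host.rsplit(".", 1)[-1]
    return "lookalike-high" if tld in SUSPECT_TLDS else "lookalike"


def defang(host: str) -> str:
    """Render a host so it is not clickable when pasted into a report."""
    return host.replace(".", "[.]")


def scan_log(lines):
    """Return (defanged_host, verdict) for every lookalike host seen."""
    findings = []
    for line in lines:
        for url in URL_RE.findall(line):
            host = host_of(url)
            verdict = classify_host(host)
            if verdict.startswith("lookalike"):
                findings.append((defang(host), verdict))
    return findings


if __name__ == "__main__":
    for host, verdict in scan_log(LOG_LINES):
        print(f"{verdict:15} {host}")
```

Running the script against the constructed lines reports `indiapost[.]top` and `india-post[.]vip` as high-severity lookalikes and `indiapost-track[.]co` as a lookalike on a non-listed TLD, while the genuine `www.indiapost.gov.in` visit produces nothing. In a real deployment the legitimate-domain set and brand tokens would come from the organisation’s own allow-list, and matches would feed a ticket or block-list rather than stdout.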