Fake postal messages targeting Indian users are linked to China, researchers say


Hackers are using India’s postal system to lure victims into clicking on malicious messages, according to a new report.

The campaign likely aims to steal users’ personal and financial information, according to the research published Thursday by cybersecurity firm Fortinet.

The scam targets iPhone users with iMessages that falsely claim a package is awaiting pickup at an India Post warehouse. The messages often contain a short link leading to a fraudulent website that impersonates India Post.

The threat actors send malicious messages via iMessage directly to the recipients’ registered Apple ID email addresses. The sender ID could be a newly registered Apple ID or a compromised account, researchers said.

The malicious India Post website asks users to provide their name, full residential address, email ID, phone number and debit and credit card information for a payment allegedly required for redelivering the package.
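As an added illustration, not code from the article or from Fortinet's report, the following Python script triages delivery-notification messages for the traits described above: lure language about a held package or a redelivery fee, a short link, and a hostname that imitates the postal brand without belonging to it. The sample messages, the legitimate domain (assumed to be indiapost.gov.in), the shortener list and the brand tokens are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages modelled on the lure the report describes
# (package held at a warehouse, short link, India Post impersonation).
# None of these URLs or messages are real observations.
SAMPLE_MESSAGES = [
    "India Post: your package is waiting at our warehouse. Confirm address: https://bit.ly/3xAbCdE",
    "Your parcel could not be delivered. Pay redelivery fee at https://indiapost-track.top/redeliver",
    "Track your consignment at https://www.indiapost.gov.in/track",
]

# Assumed legitimate domain for the brand (assumption, not taken from the report).
LEGIT_DOMAINS = {"indiapost.gov.in"}
# Tokens that, appearing in a host outside the legitimate domain, suggest brand imitation.
BRAND_TOKENS = ("indiapost", "india-post", "india_post", "indpost")
# Common public URL shorteners; a short link hides the real destination from the reader.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly", "rb.gy"}
# Phrases typical of the "held package / pay to redeliver" pretext.
LURE_PHRASES = (
    "awaiting pickup",
    "waiting at our warehouse",
    "could not be delivered",
    "redelivery",
    "confirm address",
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def is_legit(host, legit_domains=LEGIT_DOMAINS):
    """True only if host is a legitimate domain or a subdomain of one.

    A suffix check with the leading dot is deliberate: it rejects hosts such as
    'indiapost.gov.in.evil.example' that merely contain the real domain.
    """
    return any(host == d or host.endswith("." + d) for d in legit_domains)


def triage_message(text, legit_domains=LEGIT_DOMAINS):
    """Return a list of findings for one message; an empty list means nothing flagged."""
    findings = []
    lower = text.lower()
    lures = [p for p in LURE_PHRASES if p in lower]
    if lures:
        findings.append("lure_language:" + ",".join(lures))
    for url in URL_RE.findall(text):
        host = host_of(url)
        if is_legit(host, legit_domains):
            continue  # links into the real domain are not flagged
        if host in SHORTENERS:
            findings.append(f"short_link:{host}")
        elif any(tok in host for tok in BRAND_TOKENS):
            findings.append(f"brand_lookalike:{host}")
        else:
            findings.append(f"untrusted_host:{host}")
    return findings


def verdict(findings):
    """Combine findings: lure text plus an untrusted link is the strongest signal."""
    link_kinds = ("short_link", "brand_lookalike", "untrusted_host")
    has_link = any(f.split(":", 1)[0] in link_kinds for f in findings)
    has_lure = any(f.startswith("lure_language") for f in findings)
    if has_link and has_lure:
        return "suspicious"
    if has_link:
        return "review"
    return "clean"


def triage_all(messages):
    """Map each message to (verdict, findings) for reporting."""
    return [(verdict(triage_message(m)), triage_message(m)) for m in messages]


if __name__ == "__main__":
    for msg, (result, found) in zip(SAMPLE_MESSAGES, triage_all(SAMPLE_MESSAGES)):
        print(f"[{result}] {msg}\n    {found}")
```

The check is purely string-based and runs offline: a short link is only flagged, not resolved, because resolving it means contacting the attacker's infrastructure and belongs in a sandboxed URL-expansion step. The domain comparison is the part worth keeping in any real filter: the suffix test with a leading dot is what stops a registered lookalike that embeds the real domain as a prefix from passing as legitimate.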

The hackers can use this information in future operations to send phishing emails, spread disinformation or distribute malware, researchers said. 

According to Fortinet, the campaign could be linked to China, as half of the 470 discovered domain registrations mimicking India Post’s official domain were registered via a Chinese company.

“The notable concentration of registrations through a Chinese registrar certainly raises substantial concerns about the underlying intentions,” researchers said.

Fortinet suggested that the campaign against Indian users “may serve as a strategic initiative to raise funds to fuel operations in China.”

Earlier reports about this campaign linked the India Post-themed attacks to a China-based threat actor known as the Smishing Triad.

The group has conducted similar operations before. Last December, it attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a text-based phishing campaign.

The hackers sent malicious text messages purportedly from UAE authorities, luring victims into providing data such as home addresses, phone numbers and credit card information.

Fortinet said the latest campaign against Indian users likely required substantial investment to register and host hundreds of domains.

This highlights “the threat actors’ commitment, the phishing operation’s scale, and its potential long-term impact,” researchers said. Researchers did not disclose the number of users affected by the scam.

“We believe that the likelihood of numerous victims falling prey to these scams is increased, leading to substantial financial losses, data breaches, and other security issues for individuals and organizations targeted by these domains.”

Postal delivery scams affect customers worldwide, including those in the U.S. For example, UPS and FedEx courier services have previously warned their customers about fraudulent telephone calls, text messages and emails disguised as official communications from the companies, but which in reality come from scammers.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
