Fake postal messages targeting Indian users are linked to China, researchers say


Hackers are using India’s postal system to lure victims into clicking on malicious messages, according to a new report.

The campaign likely aims to steal users’ personal and financial information, according to the research published Thursday by cybersecurity firm Fortinet.

The scam targets iPhone users with iMessages that falsely claim a package is awaiting pickup at an India Post warehouse. The messages often contain a short link leading to a fraudulent website that impersonates India Post.

The threat actors send malicious messages via iMessage directly to the recipients’ registered Apple ID email addresses. The sender ID could be a newly registered Apple ID or a compromised account, researchers said.

The fraudulent website impersonating India Post asks users to provide their name, full residential address, email ID, phone number and debit and credit card information for a payment allegedly required to redeliver the package.

The hackers can use this information in future operations to send phishing emails, spread disinformation or distribute malware, researchers said. 

According to Fortinet, the campaign could be linked to China, as half of the 470 discovered domain registrations mimicking India Post’s official domain were registered via a Chinese company.

“The notable concentration of registrations through a Chinese registrar certainly raises substantial concerns about the underlying intentions,” researchers said.

Fortinet suggested that the campaign against Indian users “may serve as a strategic initiative to raise funds to fuel operations in China.”

Earlier reports about this campaign linked the India Post-themed attacks to a China-based threat actor known as the Smishing Triad.

The group has conducted similar operations before. Last December, it attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a text-based phishing campaign.

The hackers sent malicious text messages purportedly from UAE authorities, luring victims into providing data such as home addresses, phone numbers and credit card information.

Fortinet said the latest campaign against Indian users likely required substantial investment to register and host hundreds of domains.

This highlights “the threat actors’ commitment, the phishing operation’s scale, and its potential long-term impact,” researchers said. Researchers did not disclose the number of users affected by the scam.

“We believe that the likelihood of numerous victims falling prey to these scams is increased, leading to substantial financial losses, data breaches, and other security issues for individuals and organizations targeted by these domains.”

Postal delivery scams affect customers worldwide, including those in the U.S. For example, UPS and FedEx courier services have previously warned their customers about fraudulent telephone calls, text messages and emails disguised as official communications from the companies, but which in reality come from scammers.


Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
