India Post Customers Targeted in Massive Phishing Scam

[Figure: India Post phishing campaign. The phishing site (left) is compared to the original site.]

A sophisticated phishing campaign targeting iPhone users in India has been uncovered by the FortiGuard Labs Threat Research team. The attackers, believed to be the China-based Smishing Triad, are impersonating India Post to trick victims into revealing sensitive personal and financial information.

The scam involves sending iMessages to iPhone users falsely claiming that a package is waiting for them at an India Post warehouse. These messages often contain a short URL leading to a fraudulent website that mimics the official India Post site.

The attackers use email addresses from third-party providers such as Hotmail, Gmail, and Yahoo, which can be associated with Apple IDs. This allows the threat actors to send phishing messages through iMessage from these addresses. These messages often contain short URLs leading to fraudulent websites designed to harvest sensitive information.

Once on the fake website, victims are prompted to enter their personal details, including name, address, email ID, and phone number. In some cases, they are then asked to provide their debit/credit card information under the guise of paying a small fee for redelivery of the package.

Between January and July 2024, FortiGuard Labs identified over 470 newly registered domains impersonating India Post’s official domain. A substantial portion of these domains, 296 to be precise, were registered through the Chinese registrar Beijing Lanhai Jiye Technology Co., Ltd., while another 152 were registered via the American registrar Namesilo. This concentrated activity raises significant concerns regarding the intent behind these registrations, exemplifying homograph phishing attacks where domain names visually resemble legitimate ones.

One of the phishing domains, ‘indiapost[.]top,’ impersonates India Post by using a cloned copy of the official website. Despite being registered on November 28, 2023, it is actively being used to deceive users. The fraudulent site mimics the original India Post website to collect sensitive information, such as names, residential addresses, email IDs, and phone numbers, which can be leveraged in future scams or for spreading malware.
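A defender-side check for the look-alike registrations described above, as an added example that is not from FortiGuard Labs or the original article: it screens a feed of newly registered domains for names that imitate India Post. The official domain `indiapost.gov.in`, the confusables map, the function names and every feed entry except `indiapost[.]top` are assumptions constructed for illustration.

```python
import re
import unicodedata

OFFICIAL = "indiapost.gov.in"  # assumption: the legitimate domain to allowlist
BRAND = "indiapost"
# Constructed, non-exhaustive map of look-alike characters to ASCII letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "i", "l": "i", "\u0456": "i",
                             "\u0430": "a", "\u043e": "o", "\u0440": "p", "\u0455": "s"})

def refang(domain):  # undo [.] defanging, normalise case and trailing dot
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def skeleton(label):
    """Reduce one DNS label to ASCII letters after look-alike folding."""
    if label.startswith("xn--"):  # IDN label: decode punycode first
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed punycode: fall back to the raw label
    folded = unicodedata.normalize("NFKC", label).lower().translate(CONFUSABLES)
    return re.sub(r"[^a-z]", "", folded)

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    a, b = sorted((a, b), key=len)  # a is now the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def classify(domain):
    """Return why a domain looks like India Post impersonation, or None."""
    d = refang(domain)
    if d == OFFICIAL or d.endswith("." + OFFICIAL):
        return None
    for label in d.split("."):
        skel = skeleton(label)
        if BRAND in skel:  # "lookalike": brand only visible after folding
            return "brand-in-label" if BRAND in label else "lookalike"
        if within_one_edit(skel, BRAND):
            return "typo"
    return None

# Constructed feed; only indiapost[.]top comes from the article.
FEED = ["indiapost[.]top", "www.indiapost.gov.in", "1ndiapost-track.example",
        "indi\u0430post.example", "indapost.example", "postoffice.example"]
FLAGGED = {d: r for d in FEED if (r := classify(d))}
```

`FLAGGED` maps each suspicious feed entry to the reason it matched; names under the official domain and unrelated names are left out.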

The attackers are specifically targeting iPhone users by sending phishing messages through iMessage. This adds a layer of legitimacy to the scam, as messages appear within the Messages app alongside genuine communications.

To safeguard against these sophisticated phishing attacks, users should:

  • Verify Sources: Always verify the authenticity of messages claiming to be from official entities like India Post.
  • Be Cautious with Links: Avoid clicking on suspicious links in messages, especially those requesting personal or financial information.
  • Enable Security Features: Utilize security features provided by email and messaging services to block and report suspicious activities.
