China-Backed Phishing Attack Targets India Postal System Users

Published : 23/11/2024   Category : security




A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.



A China-based hacking group known as Smishing Triad has waged text message-borne phishing attacks against individuals in India, using the country's government-operated postal system as a lure.
The threat actors are targeting iPhone users with text messages falsely claiming that a package is awaiting collection at an India Post warehouse. The deceptive messages contain URLs leading to fraudulent websites.
According to a new Fortinet FortiGuard Labs report, between January and July 2024, more than 470 domain registrations mimicked India Post's official domain, with the majority registered via Chinese and American domain registrars.
Researchers at FortiGuard Labs discovered phishing emails sent via iMessage using third-party email addresses like Hotmail, Gmail, and Yahoo. Apple ID accounts configured with these third-party emails send the malicious messages containing short URLs that direct recipients to the fraudulent websites.
India Post is just the latest mail service to face mobile phishing attacks. The US Postal Service (USPS) recently found its name abused in smishing attacks orchestrated by a single threat actor based in Tehran. Another recent smishing attack aimed at US citizens informed them they had unpaid road tolls, with the aim of coercing targets into giving up their bank information.
Stephen Kowski, field CTO at SlashNext Email Security+, says the India Post phishing campaign highlights the evolving tactics of threat actors.
"They are now leveraging trusted communication channels like iMessage to deceive victims, underscoring the need for comprehensive mobile Web threat protection that can detect and block malicious URLs, even when wrapped in encrypted messages," he says.
"As SMS- and other text-based attacks become increasingly sophisticated, organizations must prioritize educating their users on how to identify and report suspicious messages," he notes. "They must also implement robust security measures that can inspect and mitigate threats in real-time, regardless of the communication channel used."
By extending security controls to the mobile Web, organizations can better protect their users from these types of attacks, even when they occur outside of traditional network perimeters.
Mobile devices are a prime target for phishing campaigns, given the amount of phishing vectors available to attackers, be it SMS, QR codes, third-party communication apps, or personal email.
This, combined with a relative false sense of security most users and organizations have on mobile, and a lack of active security controls, makes mobile phishing campaigns a low risk, high reward for attackers for both personal and corporate information.
Krishna Vishnubhotla, vice president of product strategy at Zimperium, says this type of mobile-first attack is something that is occurring more and more every day.
"Cybercriminals and hackers have begun to realize that there's a false sense of security with mobile devices, particularly those on iOS," he says.
Users tend to be less careful on their mobile devices than on a standard computer or laptop, and they rarely have proper security controls in place on their mobile devices.
"Our own research has shown a significant rise recently in mobile-targeted phishing attacks that only fully execute the attack when the link is clicked from a mobile device," he says. "Users must be on guard for anything that appears unusual, especially related to a text message or SMS."
He advises companies to have strong mobile endpoint protection defenses on employee phones to protect against exactly this type of attack, or worse.
