Many people have been receiving a fake message from ‘India Post’ that has the potential to steal your private information if you click on the link.
The SMS that a user can receive, as alerted by the Press Information Bureau (PIB), says, “Your package has arrived at the warehouse and we attempted delivery twice but were unable to due to incomplete address information. Please update your address within 48 hours, otherwise the package will be returned. In order to update the address, click on the link [indisposegvs.top/IN]. After the update is complete, the package will be re-delivered within 24 hours”.
If a user clicks on the link, the hacker can get into their system and install malicious software, which will give them access to sensitive data that can be misused.
PIB has warned users that India Post never sends links or messages asking them to update addresses for the delivery of articles.
How Does the Scam Work?
After a user clicks on the provided link and enters their details, a website resembling the official India Post site appears. The website presents a random tracking ID along with a delivery failure notification, prompting the user to update their address.
The link only works on mobile devices and will not open on a desktop. Users can verify the message by checking if it works on both devices.
What is Smishing?
The tactic used by hackers in the India Post scam is called ‘smishing’. It involves sending deceptive SMS messages to trick users into divulging personal information or clicking malicious links.
Cybersecurity firm Resecurity has now identified the perpetrators behind some of these campaigns as the Smishing Triad, a group known for sophisticated cyber fraud operations in countries including the US, UK, UAE and India.
The modus operandi involves registering fraudulent domain names that mimic legitimate organisations like the India Post. By creating convincing but fake websites, they lure victims into disclosing sensitive information under false pretenses of updating delivery details. This information can be exploited for various malicious purposes, including financial fraud and identity theft.
According to Resecurity, the Smishing Triad recently intensified its operations in India, registering multiple deceptive domains such as inddiapost[.]top and indiapostyt[.]vip. These domains, identified across several hosting platforms, including Cloudflare and Tencent, aim to deceive users seeking legitimate postal services.
The techniques include the use of compromised and purposefully registered iCloud accounts to distribute fraudulent iMessages containing smishing URLs.
Resecurity’s investigation reveals that the threat actors began preparing for this campaign as early as June 2024, registering domain names but keeping them dormant until the July launch. The group’s strategy involves using geographical filtering and User-Agent checks to target mobile device users specifically.
How to Avoid Such Cyber Attacks
Avoid clicking on suspicious links, verify the authenticity of messages and promptly report any suspected fraud to law enforcement and cybersecurity agencies.
Follow these steps:
• Never click on the links that ask for your personal details;
• Look for grammatical and language errors in the message, as these are strong indicators of a message being fraudulent;
• Instead of submitting the requested details, consider whether you are actually expecting a package — scamsters thrive on people being in a hurry or panicking;
• Always cross check the link provided in a message with that of the original website;
• If you fall prey to such a scam, immediately shut down your device, alert your bank and register a police complaint;
• If you become a victim of such online financial fraud, immediately register your complaint by calling 1930.
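The advice to cross check a link against the original website, and the lookalike domains Resecurity describes, can be turned into an automated check on the defender's side. The following Python is an added example, not code from PIB or Resecurity; it assumes the official site is indiapost.gov.in (not stated in this article), and the 0.8 similarity threshold, the function names and the sample SMS are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: India Post's official site is indiapost.gov.in (not stated in the article).
OFFICIAL_DOMAINS = {"indiapost.gov.in"}
BRAND = "indiapost"
# TLDs of the fraudulent domains named in the article.
FLAGGED_TLDS = {"top", "vip"}
THRESHOLD = 0.8  # illustrative cut-off, an assumption of this example

HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

# Constructed sample, shortened from the SMS text quoted in the article.
SAMPLE_SMS = ("Your package has arrived at the warehouse. In order to update "
              "the address, click on the link [indisposegvs.top/IN].")

def extract_hosts(sms):
    """Return lower-cased hostnames found in a message, undoing [.] defanging."""
    return [m.group(1).lower() for m in HOST_RE.finditer(sms.replace("[.]", "."))]

def brand_similarity(label):
    """Best match ratio between BRAND and any BRAND-sized window of a DNS label."""
    n = len(BRAND)
    windows = [label[i:i + n] for i in range(max(1, len(label) - n + 1))]
    return max(SequenceMatcher(None, BRAND, w).ratio() for w in windows)

def classify(host):
    """Return 'official', 'lookalike', 'flagged-tld' or 'unknown' for a hostname."""
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    labels = host.split(".")
    # Compare every label except the TLD, so brand names in subdomains count too.
    score = max((brand_similarity(l.replace("-", "")) for l in labels[:-1]), default=0.0)
    if score >= THRESHOLD:
        return "lookalike"
    if labels[-1] in FLAGGED_TLDS:
        return "flagged-tld"
    return "unknown"

def scan_sms(sms):
    """Classify every hostname that appears in an SMS body."""
    return [(h, classify(h)) for h in extract_hosts(sms)]

if __name__ == "__main__":
    for host in ["inddiapost[.]top", "indiapostyt[.]vip", "www.indiapost.gov.in"]:
        print(host, classify(extract_hosts(host)[0]))
    print(scan_sms(SAMPLE_SMS))
```

The domain in the quoted SMS falls below the similarity threshold and is caught only by the TLD rule, which shows why name similarity alone is not a sufficient filter.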