
India Post Impersonation Scam: Resecurity Exposes Smishing Triad’s Tactics for Mass Data Theft

– Resecurity uncovers a large-scale Smishing Triad campaign targeting Indian users, stealing personal and payment data through fake India Post domains.
– PIB urges vigilance against fraudulent messages impersonating postal services to protect sensitive information.




NEW DELHI: Indian mobile phone users, beware! A new wave of smishing scams is targeting unsuspecting citizens, impersonating India Post, the national postal service. Cybersecurity experts at Resecurity warn that a notorious cybercriminal group called the Smishing Triad is behind these attacks. Their goal? To steal your personal information and payment details, like credit card numbers.

What is Smishing?

Smishing is a type of phishing scam that uses SMS or text messages to trick victims. These deceptive messages often claim there is a problem with a delivery or account, urging recipients to click on a link to resolve the issue. However, clicking the link leads you to a fake website designed to steal your personal information, such as passwords, addresses, and even credit card details.

The cybercriminals have cast a wide net, registering multiple domains that mimic India Post and other global postal services. Notable domains include indiapostyt[.]vip and huangcn[.]sbs, which resolve to IP addresses associated with Chinese tech giants Tencent and Alibaba, respectively.

Resecurity’s investigation reveals that the threat actors began preparing for this campaign as early as June 2024, registering domain names but keeping them dormant until the July launch. The group’s strategy involves using geographical filtering and User-Agent checks to target mobile device users specifically.

Read Full Report Here: Smishing Triad Is Targeting India To Steal Personal And Payment Data At Scale

How the Scam Works

The scammers lure victims in with the enticing promise of a package waiting for delivery. But they claim there have been failed attempts due to incomplete address information. The message then provides a link for you to “update your details” with the promise of a new delivery attempt within 24 hours. Here are some red flags to watch out for:

  • Urgency: Scammers create a sense of urgency to pressure you into clicking on the link before you have a chance to think twice.
  • Generic Greetings: They may address you vaguely, like “Dear Customer” instead of using your name.
  • Grammatical Errors and Typos: Legitimate companies typically have professional communication with proper grammar and spelling. Be wary of messages with mistakes.
  • Suspicious Links: Don’t click on the link in the message! Hover your cursor over the link (without clicking) to see the actual URL. Does it look like the official India Post website address? If not, it’s a scam!
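
The red flags above can be checked mechanically when triaging reported messages. The following is an added example, not code from Resecurity or the article: it refangs links, compares each host against an allowlist, and records the wording cues. The official domain `indiapost.gov.in`, the keyword lists and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: India Post's official site lives under indiapost.gov.in.
OFFICIAL = ("indiapost.gov.in",)
URL = re.compile(r"(?:hxxps?|https?)://\S+|\b[\w-]+(?:(?:\[\.\]|\.)[\w-]+)+(?:/\S*)?", re.I)
URGENCY = re.compile(r"\b(within \d+ hours?|failed|immediately|urgent)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|sir|madam)\b", re.I)

def hosts_in(text):
    """Hostnames of every URL-like token, with [.] and hxxp defanging undone."""
    hosts = []
    for raw in URL.findall(text):
        url = re.sub(r"^hxxp", "http", raw.replace("[.]", "."), flags=re.I).rstrip(".,)!")
        if "://" not in url:
            url = "http://" + url
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed token, not a usable URL
            continue
        if host:
            hosts.append(host.lower())
    return hosts

def is_official(host):
    # Exact match or a true subdomain; "indiapost.gov.in.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def triage(sms):
    """Return the list of red flags found in one SMS body."""
    flags = []
    for host in hosts_in(sms):
        if is_official(host):
            continue
        squashed = host.replace("-", "").replace(".", "")
        kind = "brand lookalike" if "indiapost" in squashed else "link off official domain"
        flags.append(f"{kind}: {host}")
    if URGENCY.search(sms):
        flags.append("urgency wording")
    if GENERIC.search(sms):
        flags.append("generic greeting")
    return flags

# Constructed sample messages; the two bad domains are the ones named in the article.
SAMPLES = [
    "Dear Customer, your India Post parcel delivery failed due to an incomplete address. "
    "Update your details within 24 hours: https://indiapostyt[.]vip/track",
    "Your parcel is waiting, confirm your address immediately at huangcn[.]sbs/in",
    "Your Speed Post article has been delivered. Track it at https://www.indiapost.gov.in",
]
```

The second sample shows why the allowlist matters more than brand matching: `huangcn[.]sbs` carries no India Post string at all, so only the off-domain link and the urgency wording give it away.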



Fake message being sent by threat actor impersonating India Post.


Who is Behind the Scam?

The culprit behind this campaign is the Smishing Triad, a cybercriminal group known for large-scale malicious activity. This group has a history of targeting not just India Post but also major Fortune 100 brands. They’ve even been involved in distributing malware in the past.

This campaign’s scope extends beyond India, with evidence of similar tactics used to impersonate postal services in Singapore, France, Malaysia, New Zealand, Czech Republic, and Latvia. Additionally, the group has targeted major corporations such as McKinsey & Company, Visa, and Citi.

The cybercriminals are employing sophisticated techniques, including the use of compromised and purposefully registered iCloud accounts to distribute fraudulent iMessages containing smishing URLs. The scale of this operation is significant, potentially involving thousands of such accounts.

Experts warn that this campaign poses a severe threat to personal and financial data security. The aggregated stolen data could serve as a powerful tool for cyberespionage, with potential interest from nation-state actors seeking to collect digital identities on a massive scale.


How to Protect Yourself

  • Never click on links in suspicious messages. This is the golden rule!
  • Do not provide any personal information, including your name, address, phone number, passwords, or credit card details.
  • Verify the sender. A genuine message from India Post will come from a legitimate phone number or email address. You can check the official India Post website for contact information.
  • Report the message. Forward the suspicious message to PIB Fact Check or report it to the cyber police. You can find reporting information on the website. The phone number for the cyber police is 1930.
  • Update your devices. Ensure your phone and computer software are up-to-date with the latest security patches. This can help protect you from malware that might be hidden within the links.

India Post Warns Citizens

The Press Information Bureau (PIB) has already issued a warning about these scams, reminding users that India Post never asks for address updates through text messages.

By staying vigilant and following these tips, you can protect yourself from falling victim to smishing scams and safeguard your personal information. Remember, if something seems too good to be true, it probably is. Don’t be pressured into clicking on suspicious links or providing personal information. If you’re unsure about the legitimacy of a message, it’s always best to err on the side of caution and report it.


Additional Information

Here are some additional details about the Smishing Triad campaign targeting India, based on the research by Resecurity:

  • The group has been registering domain names impersonating India Post since June, likely in preparation for this large-scale attack.
  • They use compromised iCloud accounts to send fraudulent iMessages with smishing URLs.
  • The scam messages may ask you to provide credit card information to arrange a small payment, but this is just another tactic to steal your financial data.

As smishing campaigns continue to evolve, it is crucial for individuals to stay informed and adopt best security practices. By remaining vigilant and cautious, users can protect themselves from falling victim to these sophisticated cyber threats.

