🚨New Transnational #Scam Alert:#iPhone users are learnt to be receiving scam messages via #iMessage regarding package / courier from random accounts.
Clicking on suspicious links may be avoided and read receipts may be disabled for such messages.
''When a user clicks on the fraudulent link and enters their details, they are redirected to a website that mimics the official India Post site.
Hackers send deceptive messages to trick users into revealing personal information or clicking on malicious links.Cybersecurity firm Resecurity has identified a group behind these campaigns, known as the Smishing Triad.
This group is notorious for executing sophisticated cyber fraud in countries including the US, UK, UAE, and India.
🚨New Transnational #Scam Alert:#iPhone users are learnt to be receiving scam messages via #iMessage regarding package / courier from random accounts. Clicking on suspicious links may be avoided and read receipts may be disabled for such messages.@Apple @AppleSupport @GoI_MeitY pic.twitter.com/IsMJj0ogiS
— Cyber Dost (@Cyberdost) July 9, 2024
The Indian government has warned iPhone users about a transnational scam fleecing people of their hard-earned money.Cyber Dost, a cyber security division of the Indian government, said a text masquerading as a message from India Post is, in reality, a trap. If a user clicks on the link within this message, hackers can infiltrate their system, install malicious software, and gain access to sensitive data, which can then be exploited.These are crimes operating out of more than one country. The scammers use digital platforms to siphon money across borders and they, occasionally, use cryptocurrencies to remain untraceable.Do not click on the link if you see the following message in your inbox."Your package has arrived in the warehouse and we tried to deliver it twice. But due to incomplete information of your address, we are unable to deliver. Please update your contact details within 48 hours by clicking on the link. If this is not done, the package will be sent back to the company.''When a user clicks on the fraudulent link and enters their details, they are redirected to a website that mimics the official India Post site. This fake site displays a random tracking ID and a delivery failure notification, urging the user to update their address.The link is designed to work only on mobile devices, not on desktops, which can be a clue to verify its authenticity.The tactic used in the India Post scam is known as ‘smishing,’ a form of phishing conducted via SMS. Hackers send deceptive messages to trick users into revealing personal information or clicking on malicious links.Cybersecurity firm Resecurity has identified a group behind these campaigns, known as the Smishing Triad. This group is notorious for executing sophisticated cyber fraud in countries including the US, UK, UAE, and India. Their method involves registering fraudulent domains that mimic legitimate organisations like India Post.Resecurity reports that the Smishing Triad has recently intensified its activities in India, registering numerous deceptive domains such asand, which are linked to IP addresses associated with Chinese technology companies Tencent and Alibaba.The group employs compromised and purposely registered iCloud accounts to distribute fraudulent iMessages containing smishing URLs. Resecurity’s investigation shows that the threat actors began preparing for this campaign as early as June 2024, registering domain names and keeping them inactive until their launch in July. They use geographical filtering and User-Agent checks to specifically target mobile device users.The Press Information Bureau (PIB), under the Ministry of Information and Broadcasting, has warned users against clicking on such malicious links. They clarified that “India Post never sends messages asking for address updates for delivering articles.”To protect against these scams, users should verify the authenticity of the sender by checking the email address, phone number, or other means.If you suspect any emails, messages, or calls, report them to authorities like PIB Fact Check or the cyber police (1930 or visit cybercrime.gov.in).Additionally, ensure your smartphone is updated with the latest software for added security and add a two-factor authentication to all your passwords.