- Why the LG G4 OLED is one of my favorite TVs for picture quality - even in 2025
- New WordPress Malware Masquerades as Plugin
- The MacBook Air M4 is on sale for $850 - the lowest price yet for one of my favorite laptops of the year
- MCP for DevOps - Series Opener and MCP Architecture Intro
- Palo Alto Networks to buy Protect AI, strengthen AI security platform
Smishing Triad Targets India with Fraud Surge
A recent surge in fraudulent smishing attacks impersonating India Post, the government-operated postal system, has prompted warnings from Indian authorities and cybersecurity experts.
The Press Information Bureau (PIB) issued alerts in June urging vigilance against suspicious messages falsely claiming to be from India Post, part of India’s Ministry of Communications.
This tactic, known as smishing, involves sending deceptive SMS messages to trick users into divulging personal information or clicking on malicious links.
Cybersecurity firm Resecurity has now identified the perpetrators behind some of these campaigns as the Smishing Triad, a group known for sophisticated cyber fraud operations in multiple countries, including the US, UK, UAE and now India.
The Smishing Triad’s modus operandi involves registering fraudulent domain names that mimic legitimate organizations like India Post. By creating convincing but fake websites, they lure victims into disclosing sensitive information under false pretenses of updating delivery details. This information can be exploited for various malicious purposes, including financial fraud and identity theft.
According to Resecurity, the Smishing Triad recently intensified its operations in India, registering multiple deceptive domains such as inddiapost[.]top and indiapostyt[.]vip. These domains, identified across several hosting platforms, including Cloudflare and Tencent, aim to deceive users seeking legitimate postal services.
Resecurity warned that such attacks have significant implications not only for individual victims but also for national cybersecurity. Cyber espionage and data theft facilitated by large-scale smishing operations could potentially serve the interests of both cybercriminals and nation-state actors seeking to collect vast amounts of personal data.
To counter these threats, the company recommend avoiding clicking on suspicious links, verifying the authenticity of messages and promptly reporting any suspected fraud to law enforcement or cybersecurity agencies.
“In case you are skeptical of any emails, messages and calls, report it to authorities like PIB Fact Check or cyber police,” the company said. “Smartphone users also need to make sure that their devices are updated with the latest software.”
Read more on the Smishing Triad: China-Based Fraud Network Exposed
