A recent wave of phishing attacks originating from a China-based hacking group known as Smishing Triad has targeted individuals in India through text messages, utilizing the government-operated postal system as a bait. The deceptive messages, specifically aimed at iPhone users, falsely claim that a package is awaiting collection at an India Post warehouse and include URLs that direct recipients to fraudulent websites.

A report from Fortinet FortiGuard Labs revealed that between January and July 2024, over 470 domain registrations were detected mimicking India Post’s official domain. Most of these domains were registered through Chinese and American domain registrars, indicating a sophisticated operation by the hackers.

Further investigation by researchers at Fortinet Labs uncovered phishing emails sent via iMessage using third-party email addresses like Hotmail, Gmail, and Yahoo. The emails contained short URLs that led recipients to the fraudulent websites, highlighting the evolving tactics of threat actors in using trusted communication channels to deceive victims.

The India Post phishing campaign is just one example of a growing trend in mobile-based phishing attacks. The US Postal Service (USPS) recently experienced similar attacks orchestrated by a threat actor based in Tehran, while US citizens were targeted with smishing attacks claiming they had unpaid road tolls, aiming to gather sensitive bank information.

Stephen Kowski, field CTO at SlashNext Email Security+, emphasized the importance of comprehensive mobile Web threat protection to detect and block malicious URLs, even when hidden in encrypted messages. As SMS and text-based attacks become more sophisticated, organizations must prioritize educating their users on identifying and reporting suspicious messages, along with implementing robust security measures to mitigate threats in real-time.

By extending security controls to the mobile Web, organizations can better safeguard their users from these types of attacks, even when they occur outside traditional network perimeters. Mobile devices are increasingly becoming a prime target for phishing campaigns due to the various vectors available to attackers, such as SMS, QR codes, third-party communication apps, and personal email.

Krishna Vishnubhotla, vice president of product strategy at Zimperium, highlighted the rise of “mobile first” attacks and the false sense of security that users tend to have on mobile devices, particularly iOS devices. Cybercriminals have recognized this vulnerability and are exploiting it through targeted phishing attacks that fully execute when clicked on a mobile device.

Vishnubhotla emphasized the importance of having strong mobile endpoint protection defenses on employee phones to guard against these types of attacks. Users must remain vigilant and cautious, especially when encountering unusual text messages or SMS, to prevent falling victim to malicious schemes. As the threat landscape continues to evolve, proactive measures and awareness are crucial in defending against mobile phishing attacks.

Извор линк