Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific
SMS Phishing Messages Target UAE Citizens, Visitors
The text messages threaten fines if the victims don't provide personal and financial details.
A malicious SMS campaign that harvests personal information and credit card details is targeting citizens and visitors to the United Arab Emirates.
The text-based campaign, run by the so-called Smishing Triad Gang, impersonates the United Arab Emirates Federal Authority for Identity and Citizenship, and claims to be on behalf of the General Directorate of Residency and Foreigners Affairs.
According to researchers from Resecurity, the SMS messages instruct the recipient to update their information "to avoid hefty fines." The link provided in the text message uses a URL-shortening tool to disguise the actual URL.
The Smishing Triad Gang previously ran campaigns impersonating the UAE's official parcel delivery service and global postal and delivery services, where the attackers also tried to collect personal and financial information.
The location of the Smishing Triad gang is unclear, but the fraudulent domains where details are collected are often registered in China.
To protect against detection, the attackers used geolocation filtering to ensure the phishing form will only appear when visited from UAE IP addresses and mobile devices.
Resecurity researchers believe the attackers may have access to a private channel where they obtained information about UAE residents and foreigners living in, or visiting, the country. The gang could have obtained it via third-party data breaches, business email compromises, or databases purchased on the Dark Web.
Read more about:
DR Global Middle East & AfricaAbout the Author
You May Also Like