CyberSecurityBoard
Sponsor Register Login

Smishing Triad Targets UAE Residents in Identity Theft Campaign

Security researchers have observed a new fraudulent campaign orchestrated by the Smishing Triad gang and impersonating the United Arab Emirates Federal Authority for Identity and Citizenship.
Operating through malicious SMS messages that claim to be from the General Directorate of Residency and Foreigners Affairs, the campaign specifically targets UAE residents and foreigners in the country.
The Resecurity team discovered the threat and promptly notified UAE law enforcement agencies and cybersecurity entities to mitigate potential risks associated with identity theft.
According to an advisory published by the company on Monday, the discovery coincided with an uptick in fraudulent activities during the holiday season.
The Smishing Triad gang, previously known for posing as US, UK and EU postal providers, has shifted its tactics to focus on UAE residents.
The group utilizes malicious links sent via SMS or iMessage to victims' mobile devices, concealing them through URL-shortening services like Bit.ly.
The phishing messages, observed on both Apple iOS and Google Android devices, lack sender information, possibly utilizing Caller ID or underground SMS spoofing services.
Notably, victims reported receiving such messages after updating their residence visas, suggesting potential access to private channels through third-party data breaches, business email compromises or dark web databases.
Upon clicking the link, victims are redirected to a fake webpage resembling the UAE General Directorate of Residency and Foreigners Affairs website, where personal information and credit card details are stolen.
The attackers used RSA encryption in HTTP responses to complicate timely analysis.
According to Resecurity, a China-based organization controls critical domain names employed in fraudulent campaigns.
The attackers use geolocation filtering, allowing the phishing form to appear only for UAE IP addresses and mobile devices.
To protect against these evolving threats, Resecurity recommended heightened cybersecurity awareness and the implementation of identity protection programs.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 19 Dec 2023 16:30:13 +0000


Cyber News related to Smishing Triad Targets UAE Residents in Identity Theft Campaign

Smishing Triad Targets UAE Residents in Identity Theft Campaign - Security researchers have observed a new fraudulent campaign orchestrated by the Smishing Triad gang and impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. Operating through malicious SMS messages that claim to be ...
1 year ago Infosecurity-magazine.com
Cybercriminals target UAE residents, visitors in new info-stealing campaign - A group of hackers in recent months has attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a new text-based phishing campaign, according to new research. The cybercriminals - called the ...
1 year ago Therecord.media
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com
The Latest Identity Theft Methods: Essential Protection Strategies Revealed - Identity theft has evolved far beyond the days of stolen mail and dumpster diving. Today's identity thieves employ sophisticated techniques, including account takeovers and government benefit fraud, making it essential for you to stay vigilant to ...
1 year ago Hackread.com
UAE Cybersecurity Official Warns of VPN Abuse - The top cyber official in the United Arab Emirates worries that virtual private networks are being misused in the country. UAE residents increased their downloads of VPN apps by 1.83 million in 2023, reaching a total of 6.1 million, according to the ...
1 year ago Darkreading.com
Unmasking Identity Theft: Detection and Mitigation Strategies - In an increasingly digital world, the threat of identity theft looms large, making it imperative for individuals to be proactive in detecting potential breaches and implementing effective mitigation measures. This article delves into key strategies ...
1 year ago Cybersecurity-insiders.com
Taking the complexity out of identity solutions for hybrid environments: Identity Fabric and orchestration - For the past two decades, businesses have been making significant investments to consolidate their identity and access management platforms and directories to manage user identities in one place. Instead, businesses must learn how to consistently and ...
1 year ago Securityintelligence.com
SMS Phishing Messages Targets UAE Citizens, Visitors - A malicious SMS campaign that harvests personal information and credit card details is targeting citizens and visitors to the United Arab Emirates. The text-based campaign, run by the so-called Smishing Triad Gang, impersonates the United Arab ...
1 year ago Darkreading.com
Identity as a Service - Let us introduce Identity as a Service, a revolutionary identity management strategy that aims to improve security, simplify user interfaces, and enable frictionless access to online resources. Organizations can use IDaaS platforms to access identity ...
1 year ago Feeds.dzone.com
Unpaid Toll Texts Lead to Smishing Triad Attacks - A recent surge in smishing attacks has been linked to fraudulent unpaid toll text messages, forming a triad of cyber threats that exploit unsuspecting victims. These attacks typically begin with a text message claiming unpaid toll fees, prompting ...
2 weeks ago Darkreading.com
How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions - In particular, there is an immediate and profound impact on the identity and access management postures of both companies. While most combined organizations aspire to eventually consolidate their identity systems, this is a challenging and ...
1 year ago Microsoft.com
UAE Banks on AI to Boost Cybersecurity - For the United Arab Emirates, an aggressive push for a more digitized economy attracted plenty of interest and subsequent investment - but also made it a prime candidate for relentless cyberattacks. With nearly 50,000 cyberattacks reportedly thwarted ...
1 year ago Darkreading.com
Threat Actors Leveraging Toll Payment Services in Massive Hacking Attack - The attackers have demonstrated remarkable sophistication in their ability to spoof official toll service communications, making it exceptionally difficult for average consumers to distinguish between legitimate messages and fraudulent ones. At the ...
7 months ago Cybersecuritynews.com
1Kosmos Unifies Identity Verification User Journeys Across Web and Mobile Platforms - PRESS RELEASE. EAST BRUNSWICK, N.J., Nov. 29, 2023 - 1Kosmos, the company that unifies identity proofing and passwordless authentication, today announced the 1Kosmos BlockID platform now enables organizations to seamlessly extend web-based identity ...
1 year ago Darkreading.com
What is Azure Identity Protection and 7 Steps to a Seamless Setup - As a result, tools such as Microsoft's Azure Identity Protection have become a staple in protecting against compromised identities, account takeover, and misuse of privileges. Azure Identity Protection is a security service that provides a robust ...
1 year ago Securityboulevard.com
Remote encryption increasingly adopted by ransomware operations - UAE authority spoofed in new Smishing Triad attacks SC StaffDecember 21, 2023. Individuals who recently updated their residence visas across the United Arab Emirates have been targeted Chinese-speaking threat group Smishing Triad in a new smishing ...
1 year ago Scmagazine.com
Unseen Threats: Identity Blind Spots and Misconfigurations in Cybersecurity - It's rather obvious to most in the IT sector that cybercriminals consistently and successfully exploit stolen or weak online identities to gain unauthorized access to businesses of all types. It's these identities in an enterprise that are clearly ...
1 year ago Cybersecurity-insiders.com
What is identity management? Definition from SearchSecurity - Identity management is the organizational process for ensuring individuals have the appropriate access to technology resources. Identity management is an essential component of security. Identity management includes authenticating users and ...
1 year ago Techtarget.com
Smishing Exploit Targets Cellular Routers to Intercept 2FA Codes - A new smishing exploit has been discovered targeting cellular routers, allowing attackers to intercept two-factor authentication (2FA) codes. This attack vector leverages the vulnerabilities in cellular routers used by individuals and organizations ...
1 month ago Infosecurity-magazine.com
SailPoint unveils two sets of new offerings to help companies grow their identity security program - SailPoint unveiled two sets of new offerings designed to give customers options as they build their identity program, while driving customer success throughout their identity journey. First, the company is extending the family of SailPoint Identity ...
1 year ago Helpnetsecurity.com
The Role of Identity Data Management in Achieving CISA'S Strategic Goals - At the heart of this growing risk is identity, with over 60% of all breaches today involving identity exploitation. As organizations continue to expand their digital footprints, driven by a move towards cloud resources and remote systems, their ...
1 year ago Cyberdefensemagazine.com
Reducing credential complexity with identity federation - Help Net Security - Organizations also need to ensure compatibility between different platforms and protocols, and effectively merge user identities across multiple IdPs to avoid security gaps or identity conflicts. From a security perspective, federated authentication ...
1 year ago Helpnetsecurity.com
Smishing: SMS Phishing Attacks And How to Thwart Them - Smishing is a fast growing version of one of the most established and lucrative scams on the internet. Smishing, like other forms of phishing, aims to trick you into revealing sensitive data and information; however, instead of email, cybercriminals ...
1 year ago Cysecurity.news
Graduation to Adulting: Navigating Identity Protection and Beyond! - There's one first you might not have considered: your first identity protection plan. Imagine this: you're building your credit score, applying for a credit card, or renting your first apartment. These milestones are crucial, but they also make you a ...
1 year ago Webroot.com
Microsoft's Massive AI Push Sparks UAE Security Concerns - Microsoft's aggressive expansion into AI technologies has raised significant security concerns in the United Arab Emirates (UAE). As the tech giant integrates AI across its platforms, UAE officials and cybersecurity experts are wary of potential ...
5 days ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)