Security researchers have observed a new fraudulent campaign orchestrated by the Smishing Triad gang and impersonating the United Arab Emirates Federal Authority for Identity and Citizenship.
Operating through malicious SMS messages that claim to be from the General Directorate of Residency and Foreigners Affairs, the campaign specifically targets UAE residents and foreigners in the country.
The Resecurity team discovered the threat and promptly notified UAE law enforcement agencies and cybersecurity entities to mitigate potential risks associated with identity theft.
According to an advisory published by the company on Monday, the discovery coincided with an uptick in fraudulent activities during the holiday season.
The Smishing Triad gang, previously known for posing as US, UK and EU postal providers, has shifted its tactics to focus on UAE residents.
The group utilizes malicious links sent via SMS or iMessage to victims' mobile devices, concealing them through URL-shortening services like Bit.ly.
The phishing messages, observed on both Apple iOS and Google Android devices, lack sender information, possibly utilizing Caller ID or underground SMS spoofing services.
Notably, victims reported receiving such messages after updating their residence visas, suggesting potential access to private channels through third-party data breaches, business email compromises or dark web databases.
Upon clicking the link, victims are redirected to a fake webpage resembling the UAE General Directorate of Residency and Foreigners Affairs website, where personal information and credit card details are stolen.
The attackers used RSA encryption in HTTP responses to complicate timely analysis.
According to Resecurity, a China-based organization controls critical domain names employed in fraudulent campaigns.
The attackers use geolocation filtering, allowing the phishing form to appear only for UAE IP addresses and mobile devices.
To protect against these evolving threats, Resecurity recommended heightened cybersecurity awareness and the implementation of identity protection programs.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 19 Dec 2023 16:30:13 +0000