The ‘Smishing Triad,’ a cybercrime group specializing in SMS phishing (smishing) attacks, has expanded its operations into the United Arab Emirates (UAE), according to recent research by Resecurity.
Originally discovered in August, the group initially targeted victims in various countries, including the U.S., UK, Poland, Sweden, Italy, Indonesia, and Japan. This expansion into the UAE is notable, with the group using domain names similar to those from their previous campaigns. Their tactics also include geo-fencing, limiting access to smishing pages exclusively to UAE citizens, further suggesting their focused targeting in the region.
Resecurity’s findings reveal that the ‘Smishing Triad’ leverages compromised Apple iCloud accounts and illegally obtained databases containing personally identifying information (PII) of UAE citizens to carry out their attacks. These databases are acquired from the Dark Web, and the attacks are orchestrated through compromised iCloud accounts. Resecurity has alerted the National Computer Emergency Response Team for the UAE (AeCERT) about these activities.
The UAE has been facing a growing trend of cyberattacks, with over 50,000 cyberattacks per day being reported by the UAE Cyber Security Council in partnership with its allies. These attacks primarily target strategic sectors like finance, healthcare, and energy.
The surge in phishing attacks in the second quarter of 2023, witnessing a 77% increase compared to the previous quarter, highlights the urgency of addressing cybersecurity in the country.
Common phishing lures include undelivered parcels, Know Your Customer (KYC) verification scams, promises of free money, and unusual email login alerts. Despite Resecurity’s efforts to block malicious domains associated with the ‘Smishing Triad,’ the battle against these threat actors continues.
