A new smishing (SMS phishing) campaign has been observed targeting residents in the United Arab Emirates (UAE), orchestrated by the Smishing Triad gang. This group, previously known for posing as postal providers in the US, UK, and EU, has shifted its focus to impersonating the UAE Federal Authority for Identity and Citizenship. The campaign involves sending malicious SMS messages that claim to be from the General Directorate of Residency and Foreigners Affairs, specifically targeting UAE residents and foreigners in the country.
The fraudulent messages lack sender information and are delivered via SMS or iMessage, using malicious links concealed through URL-shortening services like Bit.ly. The phishing messages have been observed on both Apple iOS and Google Android devices. Notably, victims reported receiving these messages after updating their residence visas, suggesting that the attackers may have gained access to private channels through third-party data breaches, business email compromises (BEC), or dark web databases.
Upon clicking the malicious link, victims are redirected to a fake webpage that mimics the UAE General Directorate of Residency and Foreigners Affairs website. On this fake site, personal information and credit card details are harvested. The attackers use RSA encryption in HTTP responses to complicate timely analysis. Furthermore, the phishing form is designed to appear only for UAE IP addresses and mobile devices, indicating the use of geolocation filtering.
The Resecurity team, which discovered the threat, promptly notified UAE law enforcement agencies and cybersecurity entities to mitigate potential risks associated with identity theft. The discovery coincided with an uptick in fraudulent activities during the holiday season.
In response to these evolving threats, Resecurity recommends heightened cybersecurity awareness and the implementation of identity protection programs. Fraud awareness campaigns, identity protection, and educational programs are emphasized as essential measures against these rapidly evolving smishing threats targeting UAE residents.
