A new cybercriminal campaign that utilises several Absher phishing domains were used by threat actors to steal credentials from Saudi Arabians. Absher is a Saudi Arabian government portal that caters to millions of citizens.
Researchers discovered the campaign last week and have thoroughly explained how it operates. The threat actors attack their targets by sending text messages containing malicious links, redirecting the victims to the government portal phishing page.
The phishing SMS urges recipients to update their information on the Absher portal. However, the portal is a fake version with a fake login interface that could collect the user’s login credentials once they entered it.
Additionally, the fake login page has a pop-up feature that prompts an OTP sent to the registered mobile number. The researchers believed that the actors used this function to avoid the multifactor authentication on the authentic Absher government portal.
Unfortunately, any four-digit OTP is accepted by the portal without verification. Hence, the targeted recipient could successfully login to the fake portal.
The fake Absher government portal also presents a registration form with “to-be filled in” information.
The targeted user will then encounter a registration form needed to be accomplished by them within the phishing domain. After completion, the user will be redirected by the domain to a new web page where they will be instructed to pick a bank.
Subsequently, the targets will be redirected to a fake bank login portal specially crafted by the actors to steal credentials.
The security researchers explained that a loading icon appears after the target submits the internet banking login information. However, the page will intentionally crash while the phishing operators have successfully acquired the user’s banking data.
Experts claimed that the government services of Saudi Arabia had been the recent targets of multiple threat actors since most of the targets from this region owns lucrative amount for profit. Therefore, government organisations should monitor these phishing campaigns that target their citizens to mitigate the impact of these attacks.
Citizens should be well-trained and educated to spread awareness against cyber threats.
