Smishing Triad group’s new campaign targets UAE residents

December 30, 2023

The notorious Smishing Triad cybercriminal group is currently targeting residents of the United Arab Emirates.

Based on reports, the group has an ongoing sophisticated identity theft campaign impersonating the UAE Federal Authority for Identity and Citizenship. The researchers stated that they uncovered this fraudulent operation after the group shifted its tactics from exclusively targeting UAE residents and foreigners within the country.

 

The Smishing Triad campaign uses SMS messages that impersonate one of UAE’s agencies.

 

According to investigations, the Smishing Triad campaign operates through malicious SMS messages posing as communications from the United Arab Emirates’ General Directorate of Residency and Foreign Affairs.

However, these messages lack sender information and utilise URL-shortening services like Bit.ly to hide the malicious links sent to victims’ mobile devices. The group was previously notorious for posing as postal providers in the US, UK, and EU and has now adapted its strategies to exploit the unsuspecting residents of one of the wealthiest countries in the world.
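The traits described above (no sender information, a shortened link, and a claim to come from a UAE residency or identity agency) can be turned into a simple triage heuristic for reported messages. The following is an added example, not code from the researchers or the article; the shortener list, the keyword list, the `gov.ae` check and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive shortener list; the article names only Bit.ly.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
# Wording taken from the article's description of the lures.
AGENCY_TERMS = ("residency and foreign", "identity and citizenship", "residence visa")
# Assumption: genuine UAE federal services are hosted under gov.ae.
OFFICIAL_SUFFIX = "gov.ae"
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return the lowercased hostname of every URL-like token in an SMS body."""
    hosts = []
    for match in URL_RE.finditer(text):
        host = match.group(1).lower()
        hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts

def triage_sms(sender, body):
    """Return (score, reasons); each matched trait from the article adds one."""
    reasons = []
    if not sender or not sender.strip():
        reasons.append("no sender information")
    hosts = extract_hosts(body)
    if any(h in SHORTENERS for h in hosts):
        reasons.append("link hidden behind a URL shortener")
    if any(term in body.lower() for term in AGENCY_TERMS):
        reasons.append("claims to come from a UAE residency or identity agency")
        official = [h for h in hosts
                    if h == OFFICIAL_SUFFIX or h.endswith("." + OFFICIAL_SUFFIX)]
        if hosts and not official:
            reasons.append("agency claim, but no link points to gov.ae")
    return len(reasons), reasons

# Constructed sample messages (not taken from the campaign).
SAMPLES = [
    ("", "General Directorate of Residency and Foreigners Affairs: your "
         "residence visa update failed. Verify at https://bit.ly/EXAMPLE"),
    ("MyBank", "Your OTP is 123456. Do not share it."),
    ("Clinic", "Appointment reminder, details at https://clinic.example/appt"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        score, reasons = triage_sms(sender, body)
        print(score, repr(sender), reasons)
```

A high score is a reason to escalate a reported message for review, not proof of fraud; legitimate senders also use shorteners.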

This discovery has revealed a connection to the surge of fraudulent activities during the holiday season, suggesting a calculated attempt to exploit the festive period.

Researchers suspect the hackers gain access through third-party data breaches, business email compromises (BEC), or dark web databases. Moreover, some of their primary targets are foreigners looking to update their residence visas.

Once the victims click the malicious link within the SMS, the campaign will redirect them to a fake webpage resembling the UAE General Directorate of Residency and Foreigners Affairs website. The attackers aim to covertly collect personal information and credit card details on this fraudulent site.

Additionally, the hackers employed RSA encryption in HTTP responses to further complicate detection, making threat analysis more challenging. The researchers also discovered that a China-based organisation controls the critical domain names integral to this fraudulent campaign. The campaign also employed a geolocation filtering tactic to ensure that the phishing form appeared exclusively for UAE IP addresses and mobile devices.

These threat details emphasise the need for fraud awareness campaigns, identity protection initiatives, and educational programs since these are crucial defences against the rapidly changing tactics of the Smishing Triad gang.
