PostalFurious: new phishing SMS campaign targets users in UAE
Scam masquerading as postal services and toll operators aims to steal personal data and payment credentials through fake text messages
A Chinese phishing group named PostalFurious has been linked to a new SMS campaign targeting users in the UAE. The campaign poses as postal services and toll operators, according to Group-IB, a Singapore-based cybersecurity company. The group sends bogus text messages demanding that users pay a fare for a car ride, with the threat of additional fines if they do not comply. The messages include a shortened URL to disguise the real phishing link.
Details of the elaborate phishing scheme
Recipients who click the link in the message are redirected to a fake landing page designed to capture their personal details and payment credentials. This campaign is estimated to have been running since April 15, 2023. "Messaging URLs lead to fake branded payment pages that ask for personal details, such as name, address and credit card information," Group-IB said. Phishing pages misuse the official name and logo of the imitated postal service.
The attempt to remain hidden and the expansion of PostalFurious operations
The exact extent of the attacks is not currently known. What is known is that the text messages were sent from phone numbers registered in Malaysia and Thailand, as well as from email addresses via Apple's iMessage service. In an effort to stay hidden, the phishing links are geofenced, meaning the pages can only be accessed from IP addresses based in the UAE. The threat actors have been observed registering new phishing domains every day to expand their reach.
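An added example, not from Group-IB or the original article: a message-triage heuristic built on the traits described above (shortened URL, postal or toll lure, threat of fines, and a sender that is a Malaysian or Thai number or an email address). The shortener list, keywords, weights, threshold and sample messages are assumptions constructed for illustration.

```python
import re

# Assumptions for this example (not from the Group-IB report): the shortener
# list, lure keywords and score weights are illustrative.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}
LURE_WORDS = re.compile(r"\b(toll|post|postal|parcel|delivery|vehicle|trip)\b", re.I)
THREAT_WORDS = re.compile(r"\b(fine|fines|penalty|overdue|unpaid)\b", re.I)
URL_RE = re.compile(r"https?://([^/\s]+)(/\S*)?", re.I)
# Sender origins named in the article: Malaysia (+60) and Thailand (+66).
FOREIGN_PREFIXES = ("+60", "+66")
WEIGHTS = {"shortened-url": 2, "postal-or-toll-lure": 1, "fine-threat": 1,
           "sender-my-or-th-number": 2, "sender-email-imessage": 2}


def score_sms(sender: str, body: str) -> tuple[int, list[str]]:
    """Return (score, reasons) for one inbound message."""
    reasons = []
    hosts = [m.group(1).lower() for m in URL_RE.finditer(body)]
    if any(h in SHORTENERS for h in hosts):
        reasons.append("shortened-url")
    if LURE_WORDS.search(body):
        reasons.append("postal-or-toll-lure")
    if THREAT_WORDS.search(body):
        reasons.append("fine-threat")
    if sender.startswith(FOREIGN_PREFIXES):
        reasons.append("sender-my-or-th-number")
    elif "@" in sender:  # iMessage allows an email address as the sender
        reasons.append("sender-email-imessage")
    return sum(WEIGHTS[r] for r in reasons), reasons


# Constructed sample messages (numbers, address and link paths are made up).
SAMPLES = [
    ("+60123456789", "Your vehicle trip fee is unpaid. Pay now to avoid fines: https://bit.ly/xxxx"),
    ("notice@example.com", "Parcel held at post office, confirm address https://tinyurl.com/yyyy"),
    ("+971500000000", "Your OTP is 482913. Do not share it."),
]


def triage(samples=SAMPLES, threshold=4):
    """Return (sender, (score, reasons)) for messages at or above threshold."""
    scored = [(s, score_sms(s, b)) for s, b in samples]
    return [item for item in scored if item[1][0] >= threshold]


if __name__ == "__main__":
    for sender, (score, reasons) in triage():
        print(sender, score, reasons)
```

Because the landing pages are geofenced to UAE IP addresses, resolving a flagged link from an analysis host outside the UAE may show nothing, so scoring on message traits is useful before any link is followed.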
Prevention and recent developments in the world of phishing
To avoid falling victim to such scams, you are advised to be careful when clicking on links and attachments, keep your software up to date, and practice good digital hygiene. This development follows another mail-themed phishing campaign called "Operation Red Deer" that was discovered targeting various Israeli organizations by distributing a remote access trojan called AsyncRAT. The attacks were attributed to a threat actor named Aggah.
06/06/2023 08:32
Editorial AI