Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme

netspi 728 2

A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that’s targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB.

The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. The messages also contain a shortened URL to conceal the actual phishing link.

Clicking on the link directs the unsuspecting recipients to a fake landing page that’s designed to capture payment credentials and personal data. The campaign is estimated to be active as of April 15, 2023.

“The URLs from the texts lead to fake branded payment pages that ask for personal details, such as name, address, and credit card information,” Group-IB said. “The phishing pages appropriate the official name and logo of the impersonated postal service provider.”

The exact scale of the attacks is currently unknown. What’s known is that the text messages were sent from phone numbers registered in Malaysia and Thailand, as well as via email addresses through the Apple iMessage service.

In a bid to stay undetected, the phishing links are geofenced such that the pages can only be accessed from U.A.E.-based IP addresses. The threat actors have also been observed registering new phishing domains every day to expand their reach.

According to the Singapore-based cybersecurity company, a second near-identical campaign observed on April 29, 2023, mimicked a U.A.E. postal operator.

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Attend for Free

The smishing activity marks an expansion of the threat actor’s efforts since at least 2021, when it began targeting users in the Asia-Pacific region. Group-IB said PostalFurious operations demonstrate the “transnational nature of organized cybercrime.”

To avoid falling prey to such scams, it’s recommended to practice careful clicking habits when it comes to links and attachments, keep software up-to-date, and ensure strong digital hygiene routines.

The development comes on the heels of a similar postal-themed phishing campaign dubbed Operation Red Deer that has been discovered targeting various Israeli organizations to distribute a remote access trojan called AsyncRAT. The attacks have been pinned on a threat actor codenamed Aggah.



Original Source


 

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn