Cybercriminals targeting Middle East users in widescale phishing scam: Report


Cybercriminals have launched a widescale phishing campaign targeting users in the Middle East, a new report by cybersecurity firm Group-IB revealed, identifying over 270 domains posing as renowned postal service brands.

Pandemic-spurred growth in online shopping created a perfect storm for cybercriminals who found fertile ground for inventing new ways to attack and scam people online.


The Group-IB analysts identified more than 400 domains impersonating global brands as part of this phishing campaign, more than half of which were intended to target users in the Middle East.

Attackers were spotted employing over 30 brands of post services and relevant delivery organizations from over 20 countries worldwide to target their victims.

In the Middle East specifically, scammers impersonated over 13 delivery brands, postal operators, and public companies from at least eight different countries.

The cybercriminals were found to be impersonating well-known postal service brands from Egypt, Kuwait, the United Arab Emirates, Saudi Arabia, Bahrain, Qatar, Jordan, and Israel.

According to the cybersecurity firm, most of the website domains identified were inactive during the time of analysis. Such domains tend to be short-lived by design and new websites are regularly created to further complicate their detection.

The latest domain impersonating a Middle Eastern postal service brand appeared on July 14.

How the phishing scheme works

The scheme targets customers who are awaiting an order they placed online. They may receive an email or an SMS message from a supposed national postal service requesting payment for a delivery and a customs clearance fee.

Once users click on the link in the message, they will be redirected to a phishing page that requests their bank card details to process the payment. As soon as they submit the form, the sum of the fee is deducted from their bank accounts and transferred to the scammer, along with their bank card details.

What makes this scheme even more complicated and believable is that the phishing templates used have been thoroughly localized. For instance, a user based in the UAE will be able to see their local postal brand and currency.

Cybercriminals have also been able to bypass OTP verification through a technique called “Man-in-the-Middle.” This technique ensures that payment card data entered on a phishing website by a victim is manually or automatically inserted into the real website by the scammer to initiate the transaction.

Subsequently, the victim enters the OTP on the phishing page, which might suggest that the alleged fee is instead transferred to the scammers’ bank account.

Attackers use distinct phishing kits for specific brands. These phishing templates are typically archive files containing a collection of scripts that provide the functionality of a phishing website, serving as a toolset for building such websites quickly.

All such templates had similar characteristics, namely, the use of a script that validates the number on a banking card so that users do not enter invalid or non-existing bank card details.

Also, the scripts that process input data have unconventional naming patterns such as: jeddah.php, riyadh.php, or dammam.php – this varies depending on the brand’s location.

This and the connections between the identified phishing domains suggest that the campaign targeting users in the Middle East is likely to have been orchestrated by the same group of cybercriminals, the cybersecurity analysts deduced.

How to protect yourself from getting scammed

Group-IB, in a statement on Tuesday, urged users to be wary of links in emails or SMS messages, regardless of the sender, and to only use official websites to track their shipments, noting that delivery companies do not normally send payment requests by SMS or email.

The cybersecurity firm added that shortened website URLs and long chains of redirects are red flags to watch out for, cautioning users to only enter sensitive information when they are 100 percent confident that the website is legitimate.

In addition, using a dedicated disposable virtual card with predetermined spending limits for online shopping could be one of the safest ways to shop online as it would ensure that scammers cannot access one’s personal bank account or savings if compromised.
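For defenders reviewing mail-gateway or proxy logs, the red flags described above (shortened URLs, long redirect chains, and the city-named handler scripts) can be combined into a simple triage check. This is an added example, not code from Group-IB or the report; the shortener list, hop threshold, official-domain allowlist and all sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for this example: tune these lists and the threshold locally.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
OFFICIAL_DOMAINS = {"post.example"}  # placeholder for the real postal domains
KIT_SCRIPTS = {"jeddah.php", "riyadh.php", "dammam.php"}  # names cited in the report
MAX_HOPS = 3  # more redirects than this counts as a long chain


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_official(host):
    # Exact match or true subdomain only, so "post.example.pay.example.test"
    # does not pass as "post.example".
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage_chain(chain):
    """Return sorted red flags for one redirect chain (URLs, first to last)."""
    flags = set()
    if any(host_of(u) in SHORTENERS for u in chain):
        flags.add("shortened-url")
    if len(chain) - 1 > MAX_HOPS:
        flags.add("long-redirect-chain")
    if not is_official(host_of(chain[-1])):
        flags.add("unofficial-landing-domain")
    for u in chain:
        script = urlsplit(u).path.rsplit("/", 1)[-1].lower()
        if script in KIT_SCRIPTS and not is_official(host_of(u)):
            flags.add("city-named-handler")
    return sorted(flags)


# Constructed sample chains; none of these are real campaign URLs.
SAMPLES = {
    "sms-link": ["https://bit.ly/constructed1", "http://r1.example.test/go",
                 "http://r2.example.test/go", "http://r3.example.test/go",
                 "https://post-fee.example.test/pay/riyadh.php"],
    "lookalike": ["https://post.example.pay.example.test/dammam.php"],
    "tracking": ["https://track.post.example/status?id=123"],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(name, triage_chain(chain))
```
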
