Cybercriminals have launched a widescale phishing campaign targeting users in the Middle East, a new report by cybersecurity firm Group-IB revealed, identifying over 270 domains posing as renowned postal service brands.
Pandemic-spurred growth in online shopping created a perfect storm for cybercriminals who found fertile ground for inventing new ways to attack and scam people online.
The Group-IB analysts identified more than 400 domains impersonating global brands as part of this phishing campaign, more than half of which were intended to target users in the Middle East.
Attackers were spotted using the names of over 30 postal services and related delivery organizations from over 20 countries worldwide to target their victims.
In the Middle East specifically, scammers impersonated over 13 delivery brands, postal operators, and public companies from at least eight different countries.
According to the cybersecurity firm, most of the website domains identified were inactive at the time of analysis. Such domains tend to be short-lived by design, and new websites are regularly created to further complicate their detection.
The latest domain impersonating a Middle Eastern postal service brand appeared on July 14.
How the phishing scheme works
The scheme targets customers who are awaiting an order they placed online. They may receive an email or an SMS message from a supposed national postal service requesting payment for a delivery and a customs clearance fee.
Once users click on the link in the message, they will be redirected to a phishing page that requests their bank card details to process the payment. As soon as they submit the form, the sum of the fee is deducted from their bank accounts and transferred to the scammer, along with their bank card details.
What makes this scheme even more complicated and believable is that the phishing templates used have been thoroughly localized. For instance, a user based in the UAE will be able to see their local postal brand and currency.
Cybercriminals have also been able to bypass OTP verification through a technique called “Man-in-the-Middle.” This technique ensures that payment card data entered on a phishing website by a victim is manually or automatically inserted into the real website by the scammer to initiate the transaction.
Subsequently, the victim enters the OTP on the phishing page, which might suggest that the alleged fee is instead transferred to the scammers’ bank account.
Attackers utilize distinct phishing kits for specific brands. These phishing templates typically represent archive files containing a collection of scripts that ensure the functionality of a phishing website, serving as a toolset used to build such websites quickly.
All such templates had similar characteristics, namely, the use of a script that validates the number on a banking card so that users do not enter invalid or non-existing bank card details.
Also, the scripts that process input data have unconventional naming patterns such as: jeddah.php, riyadh.php, or dammam.php – this varies depending on the brand’s location.
This and the connections between the identified phishing domains suggest that the campaign targeting users in the Middle East is likely to have been orchestrated by the same group of cybercriminals, the cybersecurity analysts deduced.
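The city-named handler scripts described above can be hunted for in web proxy logs. The following is an added example, not code from Group-IB or from the kits themselves: the log format, the sample lines, the .example hostnames and the allowlist are constructed, and matching only POST requests is an assumption based on the scripts processing submitted form data.

```python
import re
from urllib.parse import urlsplit

# Handler names quoted in the report; extend from your own intelligence.
CITY_HANDLERS = {"jeddah", "riyadh", "dammam"}
# Hypothetical allowlist of genuine postal/delivery domains.
OFFICIAL_DOMAINS = {"post.example"}

# Constructed, simplified proxy log format: client method url status
LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")

SAMPLE_LOG = [  # constructed sample lines
    "10.0.0.5 GET https://post.example/track?id=123 200",
    "10.0.0.7 GET https://parcel-fee.example/pay/index.html 200",
    "10.0.0.7 POST https://parcel-fee.example/pay/riyadh.php 302",
    "10.0.0.9 POST https://tracking.post.example/api/submit.php 200",
    "10.0.0.12 POST https://delivery-update.example/JEDDAH.php?s=1 200",
    "malformed line",
]

def is_official(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def handler_name(path):
    """Return the lower-cased script stem if path ends in <name>.php, else None."""
    last = path.rsplit("/", 1)[-1].lower()
    return last[:-4] if last.endswith(".php") and len(last) > 4 else None

def find_suspect_requests(lines):
    """Flag POSTs to city-named PHP handlers on non-official hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        parts = urlsplit(m["url"])
        host = parts.hostname or ""
        name = handler_name(parts.path)
        if m["method"] == "POST" and name in CITY_HANDLERS and not is_official(host):
            hits.append((m["client"], host, name + ".php"))
    return hits

if __name__ == "__main__":
    for client, host, script in find_suspect_requests(SAMPLE_LOG):
        print(f"{client} posted to {script} on {host}")
```

A hit identifies a client that submitted form data to a suspected kit handler, which makes it a starting point for notifying the affected user and their card issuer.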
How to protect yourself from getting scammed
Group-IB, in a statement on Tuesday, urged users to be wary of links in emails or SMS messages, regardless of the sender, and to only use official websites to track their shipments, noting that delivery companies do not normally send payment requests by SMS or email.
The cybersecurity firm added that shortened website URLs and long chains of redirects are red flags to watch out for, cautioning users to only enter sensitive information when they are 100 percent confident that the website is legitimate.
In addition, using a dedicated disposable virtual card with predetermined spending limits for online shopping could be one of the safest ways to shop online as it would ensure that scammers cannot access one’s personal bank account or savings if compromised.