Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme

Jun 06, 2023 | Ravie Lakshmanan

A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that’s targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB.

The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. The messages also contain a shortened URL to conceal the actual phishing link.

Clicking on the link directs the unsuspecting recipients to a fake landing page that’s designed to capture payment credentials and personal data. The campaign is estimated to be active as of April 15, 2023.

“The URLs from the texts lead to fake branded payment pages that ask for personal details, such as name, address, and credit card information,” Group-IB said. “The phishing pages appropriate the official name and logo of the impersonated postal service provider.”

The exact scale of the attacks is currently unknown. What’s known is that the text messages were sent from phone numbers registered in Malaysia and Thailand, as well as via email addresses through the Apple iMessage service.

In a bid to stay undetected, the phishing links are geofenced such that the pages can only be accessed from U.A.E.-based IP addresses. The threat actors have also been observed registering new phishing domains every day to expand their reach.

According to the Singapore-based cybersecurity company, a second near-identical campaign observed on April 29, 2023, mimicked a U.A.E. postal operator.

The smishing activity marks an expansion of the threat actor’s efforts since at least 2021, when it began targeting users in the Asia-Pacific region. Group-IB said PostalFurious operations demonstrate the “transnational nature of organized cybercrime.”

To avoid falling prey to such scams, it’s recommended to practice careful clicking habits when it comes to links and attachments, keep software up-to-date, and ensure strong digital hygiene routines.

The development comes on the heels of a similar postal-themed phishing campaign dubbed Operation Red Deer that has been discovered targeting various Israeli organizations to distribute a remote access trojan called AsyncRAT. The attacks have been pinned on a threat actor codenamed Aggah.
