December 21, 2023 at 10:24AM
A malicious SMS campaign targeting citizens and visitors to the United Arab Emirates is run by the Smishing Triad Gang, impersonating official authorities to collect personal and credit card details. The campaign uses URL-shortening tools to disguise links and is believed to have access to private channels for obtaining information. The gang’s location is unclear.
Key Takeaways from the Meeting Notes:
– A malicious SMS campaign known as the “Smishing Triad Gang” is targeting individuals in the United Arab Emirates, aiming to harvest personal information and credit card details.
– The campaign impersonates UAE official entities like the Federal Authority for Identity and Citizenship and the General Directorate of Residency and Foreigners Affairs to trick recipients into updating their information under the threat of hefty fines.
– The gang has previously impersonated official parcel delivery and global postal services to collect personal and financial information.
– The origin of the Smishing Triad Gang is uncertain, but the domains used to collect information are often registered in China.
– To avoid detection, the gang used geolocation filtering to target their phishing forms specifically to users with UAE IP addresses and mobile devices.
– Researchers believe the attackers may have access to a private channel to obtain information about residents and visitors, possibly from third-party data breaches, business email compromises, or the Dark Web.