The United Arab Emirates has recently become a target of SMS campaigns that seek to deceive residents and extract their personal and payment information. This particular campaign, known as PostalFurious, initially targeted individuals in the Asia-Pacific region before expanding its reach to the UAE. It operates by impersonating postal services, using SMS messages to deceive unsuspecting victims into revealing sensitive data.
Investigations carried out by Group-IB have linked both versions of the campaign to a Chinese-speaking phishing ring called PostalFurious. This group, active since 2021, is able to stand up extensive network infrastructure quickly and rotates it frequently to evade detection by security systems.
Additionally, the group employs access-control techniques to bypass automated detection and blocking mechanisms. The evidence also suggests that PostalFurious operates on a global scale, with activity extending well beyond the Middle Eastern campaign under scrutiny.
As part of this campaign, fraudulent SMS messages are being used to gather payment details by deceiving recipients into believing they need to pay fees for tolls and deliveries. The URLs included in these text messages direct individuals to counterfeit payment pages adorned with the logos and names of well-known postal service providers in the country.
Since April 15 of this year, the scam SMS messages have carried shortened URLs that lead to counterfeit payment pages. Initially, the campaign impersonated a UAE toll operator, but on April 29 a new version was launched, this time mimicking the UAE postal service. Notably, the phishing domains for both versions were hosted on the same servers. The SMS messages were sent from phone numbers registered in Malaysia and Thailand, as well as from email addresses via iMessage.
These pages illicitly request personal information, including names, addresses, and credit card details. Notably, the phishing pages can only be accessed from IP addresses located within the UAE, further targeting residents of the country.
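The indicators described above (postal or toll pretext, a fee demand, a shortened URL, and senders that are foreign numbers or iMessage email addresses) can be turned into a simple triage score for incoming SMS reports. The following is an added example written for this article, not code from Group-IB or the report; the shortener list, the scoring weights and the sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Sender country prefixes named in the report (Malaysia, Thailand).
FOREIGN_PREFIXES = {"+60": "MY", "+66": "TH"}
# Assumed shortener hosts; the report does not name which service was used.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "is.gd", "cutt.ly"}
BRAND_WORDS = re.compile(r"\b(post|postal|parcel|delivery|toll|customs)\b", re.I)
FEE_WORDS = re.compile(r"\b(fee|pay|payment|unpaid|outstanding|charge)\b", re.I)
URL_RE = re.compile(r"https?://([^/\s]+)", re.I)


@dataclass
class Verdict:
    score: int = 0
    indicators: list = field(default_factory=list)


def triage_sms(sender: str, text: str) -> Verdict:
    """Score one SMS against the PostalFurious pretext pattern."""
    v = Verdict()
    if BRAND_WORDS.search(text):
        v.score += 1; v.indicators.append("postal/toll pretext")
    if FEE_WORDS.search(text):
        v.score += 1; v.indicators.append("fee demand")
    hosts = [h.lower() for h in URL_RE.findall(text)]
    if any(h in SHORTENERS for h in hosts):
        v.score += 2; v.indicators.append("shortened URL")
    if "@" in sender:  # iMessage delivery from an email address
        v.score += 1; v.indicators.append("iMessage email sender")
    for prefix, cc in FOREIGN_PREFIXES.items():
        if sender.startswith(prefix):
            v.score += 1; v.indicators.append(f"sender registered in {cc}")
    return v


def is_suspicious(sender: str, text: str, threshold: int = 3) -> bool:
    """Flag for analyst review when enough indicators co-occur."""
    return triage_sms(sender, text).score >= threshold


# Constructed sample messages, not real captures from the campaign.
SAMPLES = [
    ("+60123456789", "Your parcel is held at customs. Pay the delivery fee at https://bit.ly/EXAMPLE1"),
    ("+971501234567", "Your one-time code is 482913. Do not share it."),
    ("sender@example.com", "Toll unpaid. Settle payment now: https://cutt.ly/EXAMPLE2"),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(is_suspicious(sender, text), triage_sms(sender, text).indicators)
```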
Anna Yurtaeva, a senior cyber investigation specialist at Group-IB's Digital Crime Resistance Center in Dubai, has confirmed that the group is exclusively targeting members of the public. Previously the group targeted users in Singapore and Australia.
"They launch widespread SMS phishing campaigns, and we are aware of cases where messages have been sent to UAE residents who are not users of the services. From our analysis of the source code and infrastructure of the PostalFurious website, we see that the gang aims to steal payment credentials and personal data from victims," she said.
Data Theft: Significance, Impacts, and Consequences
The Significance of Data Theft:
- Primary Driver: Corporate data theft stems primarily from the pursuit of financial gain, accounting for a minimum of 86% of breaches.
- Exploiting Weaknesses: Attackers exploit security vulnerabilities by stealing and selling data to other malicious actors, maximizing their gains.
Impacts on Businesses:
- Costly Breaches: Data breaches incur substantial costs, with the average breach exceeding $1.2 million in 2018, indicating a 24% increase from the previous year.
- Small Business Vulnerability: Smaller organizations with limited resources face heightened risks, as 60% of them go out of business within six months of an attack.
Broader Consequences:
- Ransomware Extortion: Cybercriminals may hold an organization's data hostage, and paying the ransom does not guarantee a resolution.
- Expensive Recovery: Data recovery and system patching post-breach entail significant expenses.
- Reputational Damage and Customer Loss: Data theft leads to customer attrition, while brands with a history of breaches struggle to attract new business.
- Legal Liabilities: Mishandling of data exposes companies to potential lawsuits from affected customers.
- Downtime and Reduced Productivity: Breaches render systems unusable, causing downtime and hampering employee productivity.
- Regulatory Penalties: Non-compliant organizations face substantial financial penalties for failing to meet security mandates.
In a new development, another campaign with a similar theme has emerged alongside PostalFurious. Referred to as "Operation Red Deer," it is designed to specifically target Israeli engineering and telecommunications companies. The campaign involves a persistent stream of phishing messages that skillfully impersonate Israel's postal service, adding to the credibility of the attacks. These ongoing events highlight the need for robust defensive mechanisms and quick responses.