A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that’s targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB.
The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. The messages also contain a shortened URL to conceal the actual phishing link.
Clicking on the link directs the unsuspecting recipients to a fake landing page that’s designed to capture payment credentials and personal data. The campaign is estimated to be active as of April 15, 2023.
The exact scale of the attacks is currently unknown. What’s known is that the text messages were sent from phone numbers registered in Malaysia and Thailand, as well as via email addresses through the Apple iMessage service.
In a bid to stay undetected, the phishing links are geofenced such that the pages can only be accessed from U.A.E.-based IP addresses. The threat actors have also been observed registering new phishing domains every day to expand their reach.
To avoid falling prey to such scams, it’s recommended to practice careful clicking habits when it comes to links and attachments, keep software up-to-date, and ensure strong digital hygiene routines.
The development comes on the heels of a similar postal-themed phishing campaign dubbed Operation Red Deer that has been discovered targeting various Israeli organizations to distribute a remote access trojan called AsyncRAT. The attacks have been pinned on a threat actor codenamed Aggah.
Source: https://thehackernews.com/
