Detection of SMS campaigns targeting the public in the United Arab Emirates has been confirmed.

Alert: SMS Campaigns Targeting Public in the United Arab Emirates Detected

Residents of the United Arab Emirates have fallen victim to SMS campaigns designed to pilfer payment and personal information. Initially targeting users in the Asia-Pacific region, the campaign, aptly named PostalFurious due to its imitation of postal services, has now expanded its reach to target individuals in the UAE.

Investigations conducted by Group-IB have linked both campaigns to a phishing ring known as PostalFurious, which operates in Chinese-speaking regions. This organized group, active since at least 2021, exhibits agility in establishing large and frequently changing network infrastructures to evade security tools. They employ access-control techniques to avoid automated detection and blocking. Evidence suggests their global operations extend beyond the scope of this particular initiative in the Middle East.

In this campaign, the phishing ring collects payment details through deceptive SMS messages that request recipients to pay fees for tolls and deliveries. The URLs provided in these messages lead to counterfeit branded payment pages that solicit personal information, including names, addresses, and credit card details. The phishing pages imitate the official name and logo of the targeted postal service provider and are accessible only from IP addresses based in the UAE.

The text messages feature shortened URLs, directing users to fake branded payment pages that have been active since at least April 15 of this year. Initially, the campaign impersonated a UAE toll operator, but a subsequent version launched on April 29 introduced spoofing of the UAE postal service.