SMS Phishing Messages Target UAE Citizens, Visitors

A malicious SMS campaign that harvests personal information and credit card details is targeting citizens and visitors to the United Arab Emirates.

The text-based campaign, run by the so-called Smishing Triad Gang, impersonates the United Arab Emirates Federal Authority for Identity and Citizenship, and claims to be on behalf of the General Directorate of Residency and Foreigners Affairs.

According to researchers from Resecurity, the SMS messages instruct the recipient to update their information "to avoid hefty fines." The link provided in the text message uses a URL-shortening tool to disguise the actual URL.

The Smishing Triad Gang previously ran campaigns impersonating the UAE's official parcel delivery service and global postal and delivery services, where the attackers also tried to collect personal and financial information.

The location of the Smishing Triad gang is unclear, but the fraudulent domains where details are collected are often registered in China.

To protect against detection, the attackers used geolocation filtering to ensure the phishing form will only appear when visited from UAE IP addresses and mobile devices.

Resecurity researchers believe the attackers may have access to a private channel where they obtained information about UAE residents and foreigners living in, or visiting, the country. The gang could have obtained it via third-party data breaches, business email compromises, or databases purchased on the Dark Web.