
Scammers Take Advantage of Fake Domains in Dubai Police Phishing Scams


In a recent development, cybersecurity researchers at BforeAI have uncovered a concerning increase in phishing attacks targeting residents of the United Arab Emirates (UAE) by impersonating the Dubai Police. These attacks are being facilitated through SMS text messages, which redirect unsuspecting individuals to malicious domains.

Upon conducting an analysis of 268 domains between September 17 and November 22, researchers noted a recurring trend of domains originating from servers in Singapore. These domains have a troubling history of engaging in various malicious activities such as spam, phishing, and botnets. The findings revealed that approximately 50% of these domains were registered by Gname, with the remaining registrations attributed to NameSilo and Dominet.

Further investigation delved into the expiration of over two dozen domains, some of which were registered as recently as November. Interestingly, two registrants from India and Dubai had suspicious names that hinted at legitimate company origins. Through their efforts to maintain anonymity, the threat actors have successfully concealed their identities.

The recent surge in phishing attacks closely follows a previous revelation indicating that a vast majority of UAE’s .ae domains are vulnerable to phishing and spoofing attacks due to inadequate DMARC implementation. This underscores the importance of enhancing cybersecurity measures to protect individuals from falling victim to malicious activities.

The attackers behind these fraudulent campaigns have deployed a multifaceted approach to deceive their targets. By registering numerous domains in rapid succession and incorporating sequential numbering, they create an illusion of legitimacy. Additionally, they engage in typosquatting by generating misspelled variations of “Dubai Police” to lure unsuspecting recipients into clicking on deceptive links.

Moreover, the attackers strategically incorporate terms like “police,” “gov,” “portal,” and “online” in domain names to present an appearance of authenticity and trustworthiness. They also exploit less-regulated domain extensions such as “.top,” “.xyz,” and “.click” to conceal their identities further. Notably, a significant portion of these domains was registered using Tencent servers in Singapore, which have been linked to prior malicious activities.
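The naming patterns described above can be turned into a triage filter for newly observed domains. The following is an added example, not code from BforeAI or the original article; the allow-list entry, the similarity threshold, and every sample domain are constructed assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

BRAND = "dubaipolice"                               # name being impersonated
LURE_WORDS = ("police", "gov", "portal", "online")  # terms listed in the article
RISKY_TLDS = {"top", "xyz", "click"}                # extensions listed in the article
OFFICIAL = {"dubaipolice.gov.ae"}                   # assumption: allow-list of the real site

def near_brand(flat, threshold=0.85):
    """True if any window of the label is a close misspelling of BRAND."""
    for size in (len(BRAND) - 1, len(BRAND), len(BRAND) + 1):
        for i in range(max(1, len(flat) - size + 1)):
            if SequenceMatcher(None, flat[i:i + size], BRAND).ratio() >= threshold:
                return True
    return False

def signals(domain):
    """Return the set of article-described indicators present in one domain."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL or domain.endswith(tuple("." + d for d in OFFICIAL)):
        return set()
    name, _, tld = domain.rpartition(".")
    flat = re.sub(r"[^a-z]", "", name)              # drop digits, dots, hyphens
    found = set()
    if BRAND in flat:
        found.add("brand")
    elif near_brand(flat):
        found.add("typosquat")
    if any(word in flat for word in LURE_WORDS):
        found.add("lure-word")
    if tld in RISKY_TLDS:
        found.add("risky-tld")
    return found

def numbered_families(domains, min_size=2):
    """Group domains that differ only by a number (sequential registration)."""
    families = defaultdict(set)
    for d in domains:
        d = d.lower().rstrip(".")
        if re.search(r"\d", d.rpartition(".")[0]):
            families[re.sub(r"\d+", "#", d)].add(d)
    return {k: sorted(v) for k, v in families.items() if len(v) >= min_size}

# Constructed sample input, not indicators from the report.
SAMPLES = ["dubaipolcie-sample1.top", "dubaipolcie-sample2.top",
           "gov-portal-online-sample.xyz", "dubaipolice-sample.click",
           "dubaipolice.gov.ae", "weather-sample.com"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d, sorted(signals(d)))
    print(numbered_families(SAMPLES))
```

A domain that trips several signals at once, or belongs to a numbered family, is a stronger candidate for blocking or analyst review than one that matches a single keyword.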

The primary targets of these fraudulent schemes appear to be individuals whose financial information can be exploited under the guise of interacting with a legitimate government entity. Additionally, the attackers exploit fear by leveraging emergency numbers like 999 (UAE emergency services) to target individuals concerned about potential fines or seeking assistance from Dubai Police.

To mitigate the risk of falling victim to these scams, UAE residents are advised to verify the authenticity of websites, exercise caution when interacting with unfamiliar contacts, and remain vigilant for indicators such as the absence of the “HTTPS” protocol, broken links, or unprofessional website designs. By adopting these proactive measures, individuals can enhance their cybersecurity posture and protect themselves from malicious actors seeking to exploit their personal information.

In conclusion, the prevalence of phishing attacks impersonating the Dubai Police in the UAE underscores the critical need for heightened cybersecurity awareness and vigilance among residents. By remaining informed and proactive in safeguarding personal information, individuals can mitigate the risk of falling victim to malicious activities and protect themselves from potential harm.
