“PostalFurious” phishing gang targets UAE users with SMS campaign

A Chinese-speaking phishing gang known as PostalFurious has been linked to a new SMS campaign that targets users in the UAE. The fraudulent scheme involves sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. Unfortunately, clicking on the link provided in the SMS directs unsuspecting recipients to a fake landing page designed to capture payment credentials and personal data.

Fake landing pages are used to capture payment credentials and personal data

The fake landing page is designed to mimic an official payment page, making it difficult to distinguish it from the real page. As such, it is estimated that the campaign is still active as of April 15, 2023. The URLs from the texts lead to fake branded payment pages that ask for personal details such as name, address, and credit card information. Unbeknownst to users, this data is captured and used for fraudulent financial activities.

“Geofenced Phishing Links” to Stay Undetected

To remain undetected, the phishing links are geofenced. This means that the pages can only be accessed from IP addresses based in the UAE. This makes it harder for security experts to track down the gang. However, security researchers explain that this is a common tactic used by cybercriminals to avoid detection.

New phishing domains are registered every day

The cybercriminals behind the PostalFurious phishing gang have been observed registering new phishing domains every day to expand their reach, making it even more difficult for security experts to track down the gang and stop their operations. This also demonstrates the transnational nature of organized cybercrime.

Postal Service Operations Demonstrate Transnational Nature of Organized Cybercrime

As we can see from the PostalFurious phishing gang’s operations, cybercrime knows no borders. This transnational nature is one of the reasons why it is challenging to fight cybercrime. PostalFurious’s operations show the extent to which organized cybercrime can operate across borders and the sophistication of their tactics.

Recommendations to stay safe

To avoid falling prey to such scams, it’s advisable to practice careful clicking habits when it comes to links and attachments. Users should keep their software up-to-date and practice strong digital hygiene routines. It’s also essential to scrutinize the authenticity of any payment page before entering any personal data or payment information.

Operation Red Deer targets Israeli organizations

In a similar postal-themed phishing campaign called Operation Red Deer, various Israeli organizations have been targeted to distribute a remote access trojan called AsyncRAT. Cybersecurity analysts suspect that there may be connections between PostalFurious and Operation Red Deer. Therefore, experts are warning organizations and individuals to remain vigilant and take all necessary precautions.

PostalFurious’s phishing campaign is a clear indication of the sophistication of modern cybercrime. The group’s transnational nature and tactics make it challenging to track and prosecute those behind these types of schemes. Organizations and individuals must remain vigilant to avoid falling prey to phishing attacks. Ultimately, it is essential to stay informed, keep your software up-to-date, and use cybersecurity best practices to protect against such attempts.

Explore more

Service Gaps Are Stalling Embedded Finance Growth

Financial institutions and tech enterprises are discovering that the glittering promise of a friction-free digital economy is often overshadowed by the harsh reality of systemic service failures. While the market for embedded finance across Western Europe is projected to soar past the €100 billion mark by 2030, the distance between technical potential and operational execution remains vast. For many organizations,

AI Code Generation Creates a New DevOps Bottleneck

The seamless integration of artificial intelligence into the modern software development lifecycle has effectively eliminated the traditional typing speed of a programmer as the primary limiting factor in technological innovation. While a software engineer can now utilize an AI assistant to generate a fully functional microservice in less time than it takes to prepare a morning meal, this efficiency is

How Will AI and Private Markets Redefine Wealth Leadership?

The traditional image of a wealth manager holding the keys to exclusive financial kingdoms is rapidly fading into obscurity as sophisticated algorithms and retail-friendly private assets reshape the power dynamics of global finance. For decades, the industry relied on information asymmetry and restricted access to justify premium fees, but that protective moat has finally evaporated. In this new landscape, the

How Is the Wealth Management Industry Transforming?

Sophisticated global investors have fundamentally moved away from the traditional obsession with beating market benchmarks toward a holistic strategy that emphasizes long-term stability and life-cycle management. The wealth management sector is witnessing a historic pivot as the focus on aggressive portfolio optimization is replaced by a trust-based model designed to weather global volatility. This transition reflects a new reality where

Trend Analysis: Integrated Wealth Management Models

The traditional firewall between a client’s corporate empire and their personal checkbook is rapidly dissolving, giving rise to a new era of borderless financial services. In an increasingly complex global economy, High-Net-Worth (HNW) and Ultra-High-Net-Worth (UHNW) individuals are demanding a unified approach that synchronizes investment banking, private wealth management, and legal governance. This article examines the strategic shift toward integrated