“PostalFurious” phishing gang targets UAE users with SMS campaign

A Chinese-speaking phishing gang known as PostalFurious has been linked to a new SMS campaign that targets users in the UAE. The fraudulent scheme involves sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. Unfortunately, clicking on the link provided in the SMS directs unsuspecting recipients to a fake landing page designed to capture payment credentials and personal data.

Fake landing pages are used to capture payment credentials and personal data

The fake landing page is designed to mimic an official payment page, making it difficult to distinguish it from the real page. As such, it is estimated that the campaign is still active as of April 15, 2023. The URLs from the texts lead to fake branded payment pages that ask for personal details such as name, address, and credit card information. Unbeknownst to users, this data is captured and used for fraudulent financial activities.

“Geofenced Phishing Links” to Stay Undetected

To remain undetected, the phishing links are geofenced. This means that the pages can only be accessed from IP addresses based in the UAE. This makes it harder for security experts to track down the gang. However, security researchers explain that this is a common tactic used by cybercriminals to avoid detection.

New phishing domains are registered every day

The cybercriminals behind the PostalFurious phishing gang have been observed registering new phishing domains every day to expand their reach, making it even more difficult for security experts to track down the gang and stop their operations. This also demonstrates the transnational nature of organized cybercrime.

Postal Service Operations Demonstrate Transnational Nature of Organized Cybercrime

As we can see from the PostalFurious phishing gang’s operations, cybercrime knows no borders. This transnational nature is one of the reasons why it is challenging to fight cybercrime. PostalFurious’s operations show the extent to which organized cybercrime can operate across borders and the sophistication of their tactics.

Recommendations to stay safe

To avoid falling prey to such scams, it’s advisable to practice careful clicking habits when it comes to links and attachments. Users should keep their software up-to-date and practice strong digital hygiene routines. It’s also essential to scrutinize the authenticity of any payment page before entering any personal data or payment information.

Operation Red Deer targets Israeli organizations

In a similar postal-themed phishing campaign called Operation Red Deer, various Israeli organizations have been targeted to distribute a remote access trojan called AsyncRAT. Cybersecurity analysts suspect that there may be connections between PostalFurious and Operation Red Deer. Therefore, experts are warning organizations and individuals to remain vigilant and take all necessary precautions.

PostalFurious’s phishing campaign is a clear indication of the sophistication of modern cybercrime. The group’s transnational nature and tactics make it challenging to track and prosecute those behind these types of schemes. Organizations and individuals must remain vigilant to avoid falling prey to phishing attacks. Ultimately, it is essential to stay informed, keep your software up-to-date, and use cybersecurity best practices to protect against such attempts.

Explore more

Ethereum Eyes $1,800 as Buterin Unveils Lean Roadmap

Digital asset markets often react violently to technical shifts, but the recent strategic pivot outlined by Vitalik Buterin has sparked a more calculated sense of optimism across the global decentralized finance ecosystem. The Ethereum network is currently navigating a pivotal transition phase where the complexity of past upgrades is being replaced by a streamlined vision designed to reduce hardware requirements

AI Transforms the Frontline Employee Lifecycle

High turnover in retail and manufacturing industries is often the direct result of systemic failure and fragmented technology rather than individual performance or a lack of motivation. In environments where every minute spent off the floor impacts the bottom line, a worker who cannot access their schedule or find a safety manual quickly becomes a significant flight risk. This phenomenon,

Can Your Android Device Run a Full Linux Desktop?

The modern smartphone possesses more raw computational power than the professional workstations that once powered global space exploration, yet its potential remains confined within a mobile interface. Android, while built on the robust Linux kernel, serves as a specialized environment that prioritizes touch interaction and energy efficiency over the versatile multitasking capabilities found in a traditional desktop setup. This inherent

Can Windows 11 Cloud Rebuild Replace Your Recovery USB?

The sudden failure of a primary operating system often triggers an immediate scramble for physical media, yet the necessity for a bootable USB drive is increasingly being challenged by sophisticated network-based solutions. For years, the gold standard for system recovery involved manual intervention with external hardware, which frequently contained outdated builds of Windows that required hours of patching after a

Can UiPath’s AI Strategy Bridge Its Massive Growth Gap?

The enterprise automation landscape has reached a critical juncture where the traditional efficiency gains of robotic process automation are no longer sufficient to satisfy investors who demand hyper-growth fueled by generative artificial intelligence. While UiPath built its empire on the promise of delegating repetitive tasks to software bots, the rapid emergence of agentic AI has forced a fundamental redesign of