A fraudulent campaign has been discovered in the United Arab Emirates (UAE) [3], targeting both residents and foreigners [3] [4] [5]. This campaign is orchestrated by the Chinese-speaking threat group known as Smishing Triad, who have previously posed as postal providers in the US [3], UK [3], and EU [3].


In their latest campaign, the Smishing Triad has shifted their focus to impersonating the UAE Federal Authority for Identity and Citizenship [3] [4] [5], specifically the General Directorate of Residency and Foreigners Affairs [3] [4]. They send malicious SMS messages to individuals who have recently updated their residence visas, affecting both Android and iOS devices [1] [2] [6]. To conceal their identity [5], they use URL-shortening services to randomize the links they send [2] [6], making detection challenging [5].

The attackers utilize SMS spoofing or spam services to send the messages [1] [6], which contain a link to a fake website impersonating the UAE Federal Authority [1] [2] [6]. This website prompts recipients to enter personal information such as names [1], passport numbers [1], mobile numbers [1], addresses [1] [2] [6], and card information [1]. Notably, the campaign utilizes geofencing to load the phishing form only for UAE-based IP addresses and mobile devices [2] [6].

It is believed that the perpetrators may have obtained information about UAE residents and foreigners through third-party data breaches [1] [2] [5] [6], business email compromises [1] [2] [5] [6], leaked databases [5], or other sources [1] [2] [5] [6]. This latest campaign coincides with the launch of a new underground market called OLVX Marketplace [1] [2] [6], which claims to sell tools for online fraud [1] [2].


The ability of the Smishing Triad gang to adapt and refine their tactics poses a significant challenge to cybersecurity efforts globally [4]. It is crucial for individuals to remain vigilant and cautious when receiving SMS messages or clicking on links, especially if they pertain to government agencies. Organizations and authorities should enhance their security measures to detect and prevent such fraudulent campaigns. Additionally, the collaboration between international law enforcement agencies and cybersecurity experts is essential to track down and apprehend the perpetrators behind these attacks.


[1] https://owasp.or.id/2023/12/20/chinese-speaking-hackers-pose-as-uae-authority-in-latest-smishing-wave/
[2] https://vulners.com/thn/THN:87BCE3263089BA78ACA156D1DB9F811C
[3] https://cybermaterial.com/uae-residents-targeted-in-smishing/
[4] https://securityonline.info/cyber-alert-smishing-triad-gangs-fake-uae-authority-sms-scam/
[5] https://securityaffairs.com/156119/cyber-crime/smishing-uae-federal-authority-sms.html
[6] https://thehackernews.com/2023/12/alert-chinese-hackers-pose-as-uae.html