- '코트 안팎에서 데이터와 AI 활용하기'··· NBA팀 올랜도 매직의 디지털 여정
- Phone theft is on the rise - 7 ways to protect your device before it's too late
- 최형광 칼럼 | 데이터는 더 이상 정제되지 않는다
- New Intel Xeon 6 CPUs unveiled; one powers rival Nvidia’s DGX B300
- First $1B business with one human employee will happen in 2026, says Anthropic CEO
Smishing Triad Targets UAE Residents in Identity Theft Campaign
Security researchers have observed a new fraudulent campaign orchestrated by the Smishing Triad gang and impersonating the United Arab Emirates Federal Authority for Identity and Citizenship.
Operating through malicious SMS messages that claim to be from the General Directorate of Residency and Foreigners Affairs, the campaign specifically targets UAE residents and foreigners in the country.
The Resecurity team discovered the threat and promptly notified UAE law enforcement agencies and cybersecurity entities to mitigate potential risks associated with identity theft.
According to an advisory published by the company on Monday, the discovery coincided with an uptick in fraudulent activities during the holiday season.
The Smishing Triad gang, previously known for posing as US, UK and EU postal providers, has shifted its tactics to focus on UAE residents. The group utilizes malicious links sent via SMS or iMessage to victims’ mobile devices, concealing them through URL-shortening services like Bit.ly.
The phishing messages, observed on both Apple iOS and Google Android devices, lack sender information, possibly utilizing Caller ID or underground SMS spoofing services.
Read more on Smishing Triad: China-Based Fraud Network Exposed
Notably, victims reported receiving such messages after updating their residence visas, suggesting potential access to private channels through third-party data breaches, business email compromises (BEC) or dark web databases.
Upon clicking the link, victims are redirected to a fake webpage resembling the UAE General Directorate of Residency and Foreigners Affairs website, where personal information and credit card details are stolen.
The attackers used RSA encryption in HTTP responses to complicate timely analysis. According to Resecurity, a China-based organization controls critical domain names employed in fraudulent campaigns. Furthermore, the attackers use geolocation filtering, allowing the phishing form to appear only for UAE IP addresses and mobile devices.
To protect against these evolving threats, Resecurity recommended heightened cybersecurity awareness and the implementation of identity protection programs.
“Because the Smishing Triad gang is actively targeting the Emirates using multiple schemes, cybersecurity agencies and UAE citizens must remain vigilant,” reads the advisory.
“Fraud awareness campaigns, identity protection and educational programs are essential first lines of defense against these rapidly evolving threats.”
