Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme



Jun 06, 2023
Ravie Lakshmanan

A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that’s targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB.

The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. The messages also contain a shortened URL to conceal the actual phishing link.

Clicking on the link directs the unsuspecting recipients to a fake landing page that’s designed to capture payment credentials and personal data. The campaign is estimated to be active as of April 15, 2023.

“The URLs from the texts lead to fake branded payment pages that ask for personal details, such as name, address, and credit card information,” Group-IB said. “The phishing pages appropriate the official name and logo of the impersonated postal service provider.”

The exact scale of the attacks is currently unknown. What’s known is that the text messages were sent from phone numbers registered in Malaysia and Thailand, as well as via email addresses through the Apple iMessage service.

In a bid to stay undetected, the phishing links are geofenced such that the pages can only be accessed from U.A.E.-based IP addresses. The threat actors have also been observed registering new phishing domains every day to expand their reach.

According to the Singapore-based cybersecurity company, a second near-identical campaign observed on April 29, 2023, mimicked a U.A.E. postal operator.


The smishing activity marks an expansion of the threat actor’s efforts since at least 2021, when it began targeting users in the Asia-Pacific region. Group-IB said PostalFurious operations demonstrate the “transnational nature of organized cybercrime.”

To avoid falling prey to such scams, it’s recommended to practice careful clicking habits when it comes to links and attachments, keep software up-to-date, and ensure strong digital hygiene routines.

The development comes on the heels of a similar postal-themed phishing campaign dubbed Operation Red Deer that has been discovered targeting various Israeli organizations to distribute a remote access trojan called AsyncRAT. The attacks have been pinned on a threat actor codenamed Aggah.
