PostalFurious Threat Actor Targets UAE Victims with Smishing Campaign


Group-IB has identified a Chinese-speaking phishing group called PostalFurious that is conducting a new SMS campaign in the U.A.E. The group poses as postal services and toll operators to target users. Their fraudulent strategy involves sending fake text messages to individuals, urging them to pay a vehicle trip fee to avoid penalties. These messages contain shortened URLs that disguise the actual phishing links.

If recipients click on the provided link, they are redirected to a counterfeit landing page designed to capture personal data and payment credentials. The campaign has been active since April 15, 2023.

The phishing pages mimic the official name and logo of the impersonated postal service provider. By entering personal details such as name, address, and credit card information on these fraudulent payment pages, users unknowingly provide the scammers with sensitive information.

Malicious SMS Messages Originating from Malaysia and Thailand

The full extent of the attacks is currently unknown. However, it has been determined that the text messages originated from phone numbers registered in Malaysia and Thailand, as well as from email addresses via the Apple iMessage service.

To avoid detection, the phishing links are geofenced so that the pages can be accessed only from IP addresses located in the U.A.E. The threat actors continuously create new phishing domains to expand their reach.

Group-IB reported a similar campaign on April 29, 2023, impersonating a U.A.E. postal operator.

This smishing (SMS phishing) activity represents an escalation of the group's operations since at least 2021, when they began targeting users in the Asia-Pacific region. Group-IB emphasizes that the activities of PostalFurious highlight the international nature of organized cybercrime.

To protect yourself from such scams, it is advisable to be cautious when clicking on links and attachments, keep your software updated, and maintain good digital hygiene practices.
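The indicators described in this article (a shortened link, a toll or postal fee lure with a penalty threat, and a sender that is either a Malaysian or Thai number or an email address) can be combined into a simple triage score for reported messages. This is an added example, not code from Group-IB or the original article; the shortener list, keyword lists, threshold and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed, illustrative values (not from the article); tune to your own telemetry.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
LURE_TERMS = ("toll", "trip fee", "vehicle", "penalt", "parcel", "delivery")
URGENCY_TERMS = ("avoid", "immediately", "within", "overdue", "suspend")
# Sender origins named in the article: Malaysia (+60) and Thailand (+66).
ORIGIN_PREFIXES = ("+60", "+66")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def score_sms(sender, body):
    """Return (score, reasons) for one inbound message; one point per indicator."""
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)]
    if not hosts:
        return 0, []  # no link, so nothing leads to a payment page
    reasons = []
    text = body.lower()
    if any(h.removeprefix("www.") in SHORTENERS for h in hosts):
        reasons.append("shortened-url")
    if any(term in text for term in LURE_TERMS):
        reasons.append("fee-lure")
    if any(term in text for term in URGENCY_TERMS):
        reasons.append("urgency")
    number = re.sub(r"[\s\-()]", "", sender)
    if "@" in sender:
        reasons.append("email-sender")
    elif number.startswith(ORIGIN_PREFIXES):
        reasons.append("origin-prefix")
    return len(reasons), reasons

def triage(messages, threshold=3):
    """Return indexes of messages whose score meets the threshold."""
    return [i for i, (sender, body) in enumerate(messages)
            if score_sms(sender, body)[0] >= threshold]

# Constructed sample messages (placeholder numbers, addresses and links).
SAMPLES = [
    ("+60 00-000 0000", "Your vehicle trip fee is unpaid. Pay now to avoid "
                        "penalties: https://bit.ly/example1"),
    ("notice@mail.example", "Toll payment overdue, settle within 24h: "
                            "https://tinyurl.com/example2"),
    ("+971 00 000 0000", "Dinner at 8? Menu: https://restaurant.example/menu"),
    ("+66 0 000 0000", "Hi, call me back when you can"),
]

if __name__ == "__main__":
    for i in triage(SAMPLES):
        print(i, score_sms(*SAMPLES[i]))
```

Because the group continuously registers new domains, the score relies on message traits rather than a domain blocklist; flagged messages still need analyst review.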

June 6, 2023