"'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft"

SMS campaigns targeting residents of the United Arab Emirates (UAE) seek to steal payment and personal information. Previously aimed at Asia-Pacific users, the campaign has been named "PostalFurious" because it impersonates postal services. Group-IB's investigations linked both campaigns to a Chinese-speaking PostalFurious phishing group. This group has been active since at least 2021. They can rapidly establish large network infrastructures, which they frequently alter to avoid detection by security tools, and use access-control methods to prevent automated detection and blocking. Evidence shows they operate beyond the boundaries of this Middle Eastern initiative and on a global scale. This campaign collects payment information via fraudulent SMS messages requesting toll and delivery payments. The URLs in the texts lead to fake payment pages that request personal information such as name, address, and credit card number. The phishing pages also display the official name and logo of the impersonated postal service provider and can only be accessed by UAE-based IP addresses. This article continues to discuss the SMS campaigns targeting UAE citizens. 

Dark Reading reports "'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft"