Dubai skyline
Image: David Rodrigo via Unsplash/Photomosh

Cybercriminals target UAE residents, visitors in new info-stealing campaign

A group of hackers in recent months has attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a new text-based phishing campaign, according to new research.

The cybercriminals — called the Smishing Triad gang — sent malicious text messages purportedly from UAE authorities, luring victims into providing data such as home addresses, phone numbers, and credit card information.

The messages, targeting both Apple iOS and Google Android mobile devices, contained a link to a fake website that looked almost identical to the one of the UAE state agency responsible for residency and foreign affairs, according to researchers at Resecurity.

Before launching the attacks, the hackers likely obtained information about UAE residents and foreigners living in or visiting the country through third-party data breaches, business email compromises or databases purchased on the dark web, researchers said.

Some of their victims included people who had recently updated their residence visas and could be more prone to respond to fake "information requests," according to the report.

The hackers even added a message on the malicious website, cautioning those redirected to it that some of their personal data "is missing" from the state registry. If not provided, these individuals would be "restricted from leaving the UAE" and fined almost $14,000.

To make their targeting more precise, the hackers used geolocation filters. This ensured that the phishing website would only appear when accessed from UAE IP addresses and mobile devices.

In their previous campaigns, Smishing Triad hackers posed as U.S., U.K., and European postal providers. The criminals sent malicious links to victims through SMS or iMessage, and used URL-shortening services like to randomize the links.

The researchers didn’t attribute this campaign to a specific country but said that one of the hackers’ critical domain names was registered via a China-based organization. Resecurity said it notified UAE law enforcement and cybersecurity agencies about the campaign.

Just last week, the UAE was targeted by a different kind of attack coming from politically motivated hackers. They replaced the original TV broadcast with graphic footage from the war between Israel and Hamas.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.