SUMMARY:
- Researchers found a rise in phishing attacks in the UAE impersonating Dubai Police via SMS.
- Attackers use fake domains with typosquatting and suspicious extensions like “.xyz” and “.top.”
- Many domains originate from Singapore servers linked to prior malicious activity.
- The scams aim to steal financial data and exploit fear using emergency numbers like 999.
- Residents should verify websites, avoid unknown contacts, and check for “HTTPS” to stay safe.
Cybersecurity researchers at BforeAI have identified a rise in phishing attacks targeting residents of the United Arab Emirates (UAE) by impersonating the Dubai Police. The attacks are primarily relayed via SMS texts and redirect users to malicious domains.
The researchers analyzed 268 domains from September 17 to November 22 to identify patterns and trends. Most domains originated from Singapore servers and have a history of malicious activity, including spam, phishing, and botnets. Around 50% of these domains were registered by Gname, and the rest by NameSilo and Dominet.
Further probing revealed that over two dozen domains have expired, with some registered as recently as November. Two registrants, from India and Dubai, have suspicious names suggesting legitimate company origins. Threat actors, however, have managed to keep their identities anonymous, according to BforeAI’s advisory, shared exclusively with Hackread.com ahead of its publishing.
This update follows last month’s revelations that 99% of UAE’s .ae domains are vulnerable to phishing and spoofing attacks due to insufficient DMARC implementation.
What’s going on
The attackers are deploying a multi-pronged approach to deceive victims. This includes registering numerous domains in quick succession, often with sequential numbering, which hints at the use of automated tools, and using typosquatting: creating misspelled variations of “Dubai Police” (e.g., “dubaiploce”) to trick unsuspecting recipients into clicking on illegitimate links.
Furthermore, attackers are adding terms like “police,” “gov,” “portal,” and “online” to the domain names to appear official and trustworthy.
Beyond the “.com” domain, the attackers are heavily utilizing less-regulated extensions like “.top,” “.xyz,” and “.click,” which provide them with more anonymity. Interestingly, a significant portion of the domains were registered using Tencent servers in Singapore, previously linked to malicious activities.
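For defenders triaging newly observed domains, the indicators described above can be checked mechanically. The following is an added example, not code from BforeAI or the advisory; the sample domains are constructed, and the allowlisted official domain and the 0.8 similarity threshold are assumptions to adjust.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

BRAND = "dubaipolice"
KEYWORDS = ("police", "gov", "portal", "online")  # terms named in the article
RISKY_TLDS = {"top", "xyz", "click"}              # extensions named in the article
ALLOWLIST = ("dubaipolice.gov.ae",)               # assumed official domain; adjust

def brand_lookalike(name, threshold=0.8):
    """True if any brand-length window of the name closely resembles BRAND."""
    s = re.sub(r"[^a-z]", "", name)
    n = len(BRAND)
    windows = [s[i:i + n] for i in range(max(1, len(s) - n + 1))]
    return any(SequenceMatcher(None, w, BRAND).ratio() >= threshold for w in windows)

def assess(domain):
    """Return the indicators from the article that a domain exhibits."""
    host = domain.lower().rstrip(".")
    if any(host == a or host.endswith("." + a) for a in ALLOWLIST):
        return []
    name, _, tld = host.rpartition(".")
    reasons = []
    if brand_lookalike(name):
        reasons.append("brand-lookalike")
    if any(k in name for k in KEYWORDS):
        reasons.append("official-sounding-keyword")
    if tld in RISKY_TLDS:
        reasons.append("low-cost-tld")
    return reasons

def sequential_clusters(domains, min_size=3):
    """Group domains differing only by a trailing number (bulk registration)."""
    groups = defaultdict(list)
    for d in domains:
        name, _, tld = d.lower().rpartition(".")
        m = re.fullmatch(r"(.*?)(\d+)", name)
        if m:
            groups[(m.group(1), tld)].append(int(m.group(2)))
    return {f"{base}N.{tld}": sorted(nums)
            for (base, tld), nums in groups.items() if len(nums) >= min_size}

# Constructed sample input, not taken from the advisory.
SAMPLE = ["dubaiploce1.xyz", "dubaiploce2.xyz", "dubaiploce3.xyz",
          "dubaipolice-portal.top", "www.dubaipolice.gov.ae", "example.com"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(d, assess(d))
    print(sequential_clusters(SAMPLE))
```

A keyword or TLD match alone is weak evidence; the brand-lookalike indicator combined with either of the others, or membership in a numbered cluster, is the stronger signal.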
Who are the Targets?
These fraudulent campaigns seem to have two main targets: stealing financial information from individuals who believe they’re interacting with a legitimate government entity, and exploiting fear by incorporating emergency numbers like 999 (UAE emergency services) to target those worried about supposed fines or seeking genuine assistance from Dubai Police.
Researchers observed a quick turnaround time for these phishing campaigns. Many domains expire within weeks, suggesting the attackers launch frequent, short-lived operations to evade detection.
To avoid falling victim to such scams, UAE residents should verify official websites, be cautious of unfamiliar contacts, and be wary of websites lacking the “HTTPS” protocol, broken links, or unprofessional design.