Categories: Crime StoriesUAE

Cybercriminals pose as postal services to target Middle East consumers

Messages sent from fake websites posing as postal service and delivery firms hit unwitting shoppers

Shoppers across the Middle East have been hit by a widespread phishing scam by cybercriminals who exploited a surge in online shopping.

More than 400 domains impersonated well-known delivery companies and postal services central to the online buying boom, including 276 intended to con users in the Middle East.

Sharjah Police say they have recorded a 70 per cent rise in cybercrime in the past two years. Photo: Sharjah Police

Sophisticated frauds were localised to add a veneer of authenticity, with one UAE user reporting the local postal brand and currency was used.

Cybercriminals also used a method to bypass One Time Password verification through a technique called “Man-in-the-Middle”.

With this technique, card data entered on the phishing website by a victim is manually or automatically inserted into the real website by the scammers to initiate a transaction.

When victim subsequently enters the One Time Password on the phishing page, the “fee” is instead transferred to the cybercriminals’ bank account.

In March, online shopping website dubizzle issued a warning to its customers to be on alert for fake messages from them as well as Emirates Post.

“Over the last few weeks, many scammers have been contacting advertisers on dubizzle with offers to deliver goods through Emirates Post,” the email said.

“Please beware of such messages and do not engage in any kind of transactions unless you already have the product in hand if you’re buying or have received the value of the product you’re selling.

“We do not engage with our users on WhatsApp with random numbers. If you receive such a message with a random number, block that number immediately and report it to us.”

The site encouraged users to safeguard themselves by using dubizzle Chat to hold conversations with prospective buyers and sellers.

The police have set up a booth at City Centre Al Zahia to advise people about the dangers of cybercrime. Photo: Sharjah Police

Tips to stop fraudsters

  • Users are advised to stay vigilant when clicking on links from emails or text messages, regardless of the sender.
  • Users should only employ official websites to track their packages, which also include the contact details of customer support teams.
  • Usually, legitimate delivery companies do not send payment requests by text message or email.
  • Shortened URLs and long chains of redirects are red flags. Do not click on such links and do not enter sensitive information unless you are 100 per cent confident that the website you are dealing with is legitimate.
  • Have a dedicated disposable virtual card with predetermined limits for safe online shopping so that, if it is compromised, the scammers will not be able to access your savings.

Scammers created sites imitating at least 13 delivery brands, postal operators and public companies from the UAE, Bahrain, Egypt, Israel, Jordan, Kuwait, Qatar and Saudi Arabia.

Details of the fraud were reported by Singapore-based cybersecurity experts Group-IB, which has a research centre in Dubai.

“In line with the responsible disclosure protocol, Group-IB always does its best to mitigate these threats,” the company said.

“In this case, Group-IB alerted the regional computer emergency response teams of the active phishing domains and continues to monitor the infrastructure for the appearance of new malicious resources exploiting the delivery theme.”

Details of the widespread fraud were revealed by Group-IB, with the latest fraudulent attempt reported as recently as July 14.

Last week, Sharjah Police said household names including Aramex and Emirates Post had been impersonated by hackers, sending customers links to bills via WhatsApp or text message for a small delivery charge of Dh10 ($2.70) and then stealing bank account or card details.

Customers prompted to pay customs fee or tax

Customers awaiting an order may receive an email or a text message from the national postal service requesting payment for a delivery or customs clearance fee.

Following the link from the message, customers are redirected to a phishing page that requests their bank card details to process the payment.

As soon as the customer submits the form, the sum of the “fee” was deducted from their bank account and transferred to cybercriminals, along with their bank card details.

Web Desk

Recent Posts

Krypton Global announces collaboration with Asas Capital for exclusive services

DUBAI: Krypton Global Real Estate, a leading expert in global property investments, is entering into…

7 hours ago

Rasasi Perfumes brings ancient essence of oud to metaverse

DUBAI: Rasasi Perfumes, a leader in luxury oriental fragrances, has achieved a groundbreaking milestone by…

7 hours ago

Discover unbeatable deals at The Galleria

ABU DHABI: Kick off the festive season in style with shopping bags brimming with incredible…

7 hours ago

AMA celebrates UAE’s ‘Eid Al Etihad’ with iconic Nissan Patrol 2025 parade through Abu Dhabi

ABU DHABI: Al Masaood Automobiles (AMA), the authorised distributor of Nissan in Abu Dhabi, Al…

1 day ago

Casio introduces two bold new additions to G-Shock collection

DUBAI: This winter, Casio introduces two bold new additions to its G-Shock collection – the…

1 day ago

Dubai Insurance and Aster DM Healthcare launch ‘Vibrance Senior’

DUBAI: Dubai Insurance and Aster DM Healthcare have joined forces to unveil ‘Vibrance Senior’, a…

1 day ago