Categories: Crime StoriesUAE

Cybercriminals pose as postal services to target Middle East consumers

Messages sent from fake websites posing as postal service and delivery firms hit unwitting shoppers

Shoppers across the Middle East have been hit by a widespread phishing scam by cybercriminals who exploited a surge in online shopping.

More than 400 domains impersonated well-known delivery companies and postal services central to the online buying boom, including 276 intended to con users in the Middle East.

Sharjah Police say they have recorded a 70 per cent rise in cybercrime in the past two years. Photo: Sharjah Police

Sophisticated frauds were localised to add a veneer of authenticity, with one UAE user reporting the local postal brand and currency was used.

Cybercriminals also used a method to bypass One Time Password verification through a technique called “Man-in-the-Middle”.

With this technique, card data entered on the phishing website by a victim is manually or automatically inserted into the real website by the scammers to initiate a transaction.

When victim subsequently enters the One Time Password on the phishing page, the “fee” is instead transferred to the cybercriminals’ bank account.

In March, online shopping website dubizzle issued a warning to its customers to be on alert for fake messages from them as well as Emirates Post.

“Over the last few weeks, many scammers have been contacting advertisers on dubizzle with offers to deliver goods through Emirates Post,” the email said.

“Please beware of such messages and do not engage in any kind of transactions unless you already have the product in hand if you’re buying or have received the value of the product you’re selling.

“We do not engage with our users on WhatsApp with random numbers. If you receive such a message with a random number, block that number immediately and report it to us.”

The site encouraged users to safeguard themselves by using dubizzle Chat to hold conversations with prospective buyers and sellers.

The police have set up a booth at City Centre Al Zahia to advise people about the dangers of cybercrime. Photo: Sharjah Police

Tips to stop fraudsters

  • Users are advised to stay vigilant when clicking on links from emails or text messages, regardless of the sender.
  • Users should only employ official websites to track their packages, which also include the contact details of customer support teams.
  • Usually, legitimate delivery companies do not send payment requests by text message or email.
  • Shortened URLs and long chains of redirects are red flags. Do not click on such links and do not enter sensitive information unless you are 100 per cent confident that the website you are dealing with is legitimate.
  • Have a dedicated disposable virtual card with predetermined limits for safe online shopping so that, if it is compromised, the scammers will not be able to access your savings.

Scammers created sites imitating at least 13 delivery brands, postal operators and public companies from the UAE, Bahrain, Egypt, Israel, Jordan, Kuwait, Qatar and Saudi Arabia.

Details of the fraud were reported by Singapore-based cybersecurity experts Group-IB, which has a research centre in Dubai.

“In line with the responsible disclosure protocol, Group-IB always does its best to mitigate these threats,” the company said.

“In this case, Group-IB alerted the regional computer emergency response teams of the active phishing domains and continues to monitor the infrastructure for the appearance of new malicious resources exploiting the delivery theme.”

Details of the widespread fraud were revealed by Group-IB, with the latest fraudulent attempt reported as recently as July 14.

Last week, Sharjah Police said household names including Aramex and Emirates Post had been impersonated by hackers, sending customers links to bills via WhatsApp or text message for a small delivery charge of Dh10 ($2.70) and then stealing bank account or card details.

Customers prompted to pay customs fee or tax

Customers awaiting an order may receive an email or a text message from the national postal service requesting payment for a delivery or customs clearance fee.

Following the link from the message, customers are redirected to a phishing page that requests their bank card details to process the payment.

As soon as the customer submits the form, the sum of the “fee” was deducted from their bank account and transferred to cybercriminals, along with their bank card details.

Web Desk

Recent Posts

Physioveda Medical Center introduces comprehensive physiotherapy services in Dubai

DUBAI: Physioveda Medical Center offers physiotherapy services in Dubai, designed to meet the city’s growing…

13 hours ago

MENA ICON 2024 concludes with high-impact discussions and strategic insights

Gathering offers attendees invaluable insights into future of finance Engaging sessions on ‘The geopolitical trends…

13 hours ago

President Asif Ali Zardari suffers leg fracture at Dubai airport

Dubai: President Asif Ali Zardari sustained a leg fracture while disembarking from a plane at…

2 days ago

Pakistan Embassy’s new consular halls opens with enhanced features

Dubai: Newly constructed and renovated Consular Halls at Pakistan Embassy Abu Dhabi were inaugurated on…

2 days ago

MoFA, Finland Awards VFS Global Visa and Resident Permit Services Tender

Dubai: VFS Global has worked with the Ministry for Foreign Affairs of Finland since 2010…

3 days ago

Al Masaood Automobiles Renault Sponsors Manchester Thunder Women’s Netball Team

Al Masaood Automobiles Renualt has announced its sponsorship of Manchester Thunder Women’s Netball Team, a…

3 days ago