Security
Headlines
HeadlinesLatestCVEs

Headline

Scammers Exploit Fake Domains in Dubai Police Phishing Scams

BforeAI has discovered a surge in phishing attacks targeting the Dubai Police, a government-run entity. Learn how cybercriminals are exploiting the Dubai Police name to steal personal information and money.

HackRead
#web#google#ddos#git#botnet

****SUMMARY:****

  • Researchers found a rise in phishing attacks in the UAE impersonating Dubai Police via SMS.

  • Attackers use fake domains with typosquatting and suspicious extensions like “.xyz” and “.top.”

  • Many domains originate from Singapore servers linked to prior malicious activity.

  • The scams aim to steal financial data and exploit fear using emergency numbers like 999.

  • Residents should verify websites, avoid unknown contacts, and check for “HTTPS” to stay safe.

Cybersecurity researchers at BforeAI have identified a rise in phishing attacks targeting residents of the United Arab Emirates (UAE) by impersonating the Dubai Police. The attacks are primarily relayed via SMS texts and redirect users to malicious domains.

The researchers analyzed 268 domains from September 17 to November 22 to identify patterns and trends. Most domains originated from Singapore servers and have a history of malicious activity, including spam, phishing, and botnets. Around 50% of these domains were registered by Gname, and the rest by NameSilo, and Dominet.

One such SMS with a malicious link (Via BforeAI)

Further probing revealed that over two dozen domains have expired, with some registered as recently as November. Two registrants, from India and Dubai, have suspicious names suggesting legitimate company origins. Threat actors, however, have managed to keep their identities anonymous, revealed BeforeAI’s advisory shared exclusively with Hackread.com ahead of its publishing.

This update follows last month’s revelations that 99% of UAE’s .ae domains are vulnerable to phishing and spoofing attacks due to insufficient DMARC implementation.

****What’s going on****

The attackers are deploying a multi-sided approach to deceive victims. This includes registering numerous domains in fast succession, often with sequential numbering, hinting at the use of automated tools, and using Typosquatting. This means they are creating misspelled variations of “Dubai Police” (e.g., “dubaiploce”) to trick unsuspecting recipients into clicking on illegitimate links.

Furthermore, attackers are adding terms like “police,” “gov,” “portal,” and “online” to the domain names to appear official and trustworthy.

Beyond the “.com” domain, the attackers are heavily utilizing less-regulated extensions like “.top,” “.xyz,” and “.click,” which provide them with more anonymity. Interestingly, a significant portion of the domains were registered using Tencent servers in Singapore, previously linked to malicious activities.

****Who are the Targets?****

These fraudulent campaigns seem to have two main targets- stealing financial information from individuals who believe they’re interacting with a legitimate government entity and exploiting fear by incorporating emergency numbers like 999 (UAE emergency services) to target those worried about supposed fines or seeking genuine assistance from Dubai Police.

Researchers observed a quick turnaround time for these phishing campaigns. Many domains expire within weeks, suggesting the attackers launch frequent, short-lived operations to evade detection.

To avoid falling victim to such scams, UAE residents should verify official websites, be cautious of unfamiliar contacts, and be wary of websites lacking the “HTTPS” protocol, broken links, or unprofessional design.

  1. Stolen UAE InvestBank Data Sold on Dark Web
  2. Anonymous Sudan Hits UAE’s Flydubai with DDoS Attack
  3. US Gov Agencies Impersonated in DocuSign Phishing Scams
  4. In UAE Supporting Qatar on the Internet is Now a Cybercrime
  5. Google takes on sites with ties to hack-for-hire groups in UAE

HackRead: Latest News

FBI Warns of HiatusRAT Malware Targeting Webcams and DVRs