The scam works by simulating familiar repayment sites, such as DubaiPay and Salik, for victims to enter their financial information into.
As per the recent findings, Kaspersky experts have issued a warning against a recent scam campaign, crafting phishing pages disguised as the Dubai Government application, Digital Dubai Authority. The scammers use seemingly realistic payment and recharge portals, allowing them direct access to monetary gain. In addition, once credit card information is submitted, scammers are also provided with valuable financial data that can be used for other, illegitimate transactions
With the campaign starting in April, Kaspersky researchers found over 240 phishing pages of this kind till date. Distributed via email, messenger or sms containing a fraudulent URL, the phishing page opens and lures people into sharing payment information. Paired with the option to provide a fake charitable donation, scammers are able to exploit the well-respected image of Digital Dubai Authority which leverages emerging technologies to provide ease of payment to its citizens.
“This is a classic example of cybercriminals feigning authority. Unfortunately, it can be difficult to tell apart such instances from legitimate pages. In this specific case, we notice criminals pretending to be Digital Dubai Authority to lure victims in a convincing disguise. Scammers will often impersonate well-respected entities in order to socially engineer people into giving up sensitive information or trick them into fraudulent payments; the goal is to make attacks as realistic as possible,” commented Maher Yamout, Lead Security Researcher for META, Kaspersky.
The scammers use seemingly realistic payment and recharge portals, allowing them direct access to monetary gain. In addition, once credit card information is submitted, scammers are also provided with valuable financial data that can be used for other, illegitimate transactions. To avoid falling victim to similar phishing campaigns, Kaspersky recommends to always double check the URL and email, watching out for mistakes from these sources.
Employ common sense before handing over sensitive details, especially before making payments online. When you get an alert from a major institution, open your browser window and type the address directly into the URL field to verify the site.
