Smishing Triad Targets UAE Residents in Identity Theft Campaign


Security researchers have observed a new fraudulent campaign orchestrated by the Smishing Triad gang and impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. 

Operating through malicious SMS messages that claim to be from the General Directorate of Residency and Foreigners Affairs, the campaign specifically targets UAE residents and foreigners in the country.

The Resecurity team discovered the threat and promptly notified UAE law enforcement agencies and cybersecurity entities to mitigate potential risks associated with identity theft. 

According to an advisory published by the company on Monday, the discovery coincided with an uptick in fraudulent activities during the holiday season.

The Smishing Triad gang, previously known for posing as US, UK and EU postal providers, has shifted its tactics to focus on UAE residents. The group utilizes malicious links sent via SMS or iMessage to victims’ mobile devices, concealing them through URL-shortening services like

The phishing messages, observed on both Apple iOS and Google Android devices, lack sender information, possibly because the attackers use Caller ID or underground SMS spoofing services.


Notably, victims reported receiving such messages after updating their residence visas, suggesting potential access to private channels through third-party data breaches, business email compromises (BEC) or dark web databases. 

Upon clicking the link, victims are redirected to a fake webpage resembling the UAE General Directorate of Residency and Foreigners Affairs website, where personal information and credit card details are stolen.

The attackers used RSA encryption in HTTP responses to complicate timely analysis. According to Resecurity, a China-based organization controls critical domain names employed in fraudulent campaigns. Furthermore, the attackers use geolocation filtering, allowing the phishing form to appear only for UAE IP addresses and mobile devices.

To protect against these evolving threats, Resecurity recommended heightened cybersecurity awareness and the implementation of identity protection programs. 

“Because the Smishing Triad gang is actively targeting the Emirates using multiple schemes, cybersecurity agencies and UAE citizens must remain vigilant,” reads the advisory.

“Fraud awareness campaigns, identity protection and educational programs are essential first lines of defense against these rapidly evolving threats.”
