Kaspersky experts warn against a recent scam campaign, crafting phishing pages disguised as the Dubai Government application, Digital Dubai Authority. The scam works by simulating familiar repayment sites, such as DubaiPay and Salik, for victims to enter their financial information in to.
With the campaign starting in April, Kaspersky researchers found over 240 phishing pages of this kind till date. Distributed via email, messenger or sms containing a fraudulent URL, the phishing page opens and lures people in to sharing payment information. Paired with the option to provide a fake charitable donation, scammers are able to exploit the well-respected image of Digital Dubai Authority which leverages emerging technologies to provide ease of payment to its citizens. The scammers use seemingly realistic payment and recharge portals, allowing them direct access to monetary gain. In addition, once credit card information is submitted, scammers are also provided with valuable financial data that can be used for other, illegitimate transactions.
“This is a classic example of cybercriminals feigning authority. Unfortunately, it can be difficult to tell apart such instances from legitimate pages. In this specific case, we notice criminals pretending to be Digital Dubai Authority to lure victims in a convincing disguise. Scammers will often impersonate well-respected entities in order to socially engineer people into giving up sensitive information or trick them into fraudulent payments; the goal is to make attacks as realistic as possible,” comments Maher Yamout, Lead Security Researcher for META at Kaspersky.
