Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Phishing Campaign Impersonates the UAE

    Stu Sjouwerman | Jul 7, 2022

    Phishing Campaign Targets UAEResearchers at CloudSEK have observed a financially motivated phishing campaign that’s impersonating the United Arab Emirates (UAE) Ministry of Human Resources. The large-scale campaign is targeting organizations in the “Finance, Travel, Hospital, Legal, Oil and Gas, and Consultation industries.”

    “The actors created a fake website www.mohregov-ae[.]com that resembles the legitimate domain www[.]mohre[.]gov[.]ae, to defraud users,” the researchers write.

    CloudSEK then tied this domain to forty-three other phishing sites that targeted immigrants looking for jobs in the Middle East, as well as targeting companies in order to carry out business email compromise (BEC) attacks. The researchers note that the sites are different depending on their purpose. The sites targeting job seekers are convincingly spoofed versions of legitimate career websites.

    “While [the] domains that are presumably used to target job seekers impart a credible impression to first-time visitors, the domains potentially targeting businesses with BEC scams do not have a website and are most likely primarily used only to send emails,” the researchers write.

    CloudSEK notes that despite the different types of scams, it appears that a single actor is behind this campaign.

    “Upon observing the pattern of the email address used to register the domains, domain name, and hosting infrastructure, it can be inferred that a single threat actor or a threat actor group owns all these phishing domains and websites,” the researchers write.

    CloudSEK offers the following advice for users to avoid falling for these attacks:

    • Avoid downloading suspicious documents from unknown sources.
    • Avoid clicking on suspicious links.
    • Enable the visibility of file extensions, and be wary of downloading files with unknown file extensions.
    • Ensure the usage of MFA (Multi-Factor Authentication).
    • Use up-to-date antivirus and anomaly detection tools.

    New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.

    CloudSEK has the story.

    Topics: Phishing

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    Posts By Topic

    View All