Researchers at CloudSEK have observed a financially motivated phishing campaign that’s impersonating the United Arab Emirates (UAE) Ministry of Human Resources. The large-scale campaign is targeting organizations in the “Finance, Travel, Hospital, Legal, Oil and Gas, and Consultation industries.”
“The actors created a fake website www.mohregov-ae[.]com that resembles the legitimate domain www[.]mohre[.]gov[.]ae, to defraud users,” the researchers write.
CloudSEK then tied this domain to forty-three other phishing sites. Some targeted immigrants looking for jobs in the Middle East, while others targeted companies in order to carry out business email compromise (BEC) attacks. The researchers note that the sites differ depending on their purpose: those targeting job seekers are convincingly spoofed versions of legitimate career websites.
“While [the] domains that are presumably used to target job seekers impart a credible impression to first-time visitors, the domains potentially targeting businesses with BEC scams do not have a website and are most likely primarily used only to send emails,” the researchers write.
CloudSEK notes that despite the different types of scams, it appears that a single actor is behind this campaign.
“Upon observing the pattern of the email address used to register the domains, domain name, and hosting infrastructure, it can be inferred that a single threat actor or a threat actor group owns all these phishing domains and websites,” the researchers write.
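A team defending the impersonated domain can check newly observed hostnames for the lookalike pattern quoted above, where the dots of the legitimate name are folded into a label under a different parent domain. The following Python is an added example, not CloudSEK's tooling. It goes beyond the single quoted domain by also flagging brand-label reuse and near-identical spellings. The function names are illustrative, every sample hostname except the one quoted in the article is constructed, and it compares whole hostnames rather than using a public-suffix list.

```python
import re
from difflib import SequenceMatcher

def normalize(host: str) -> str:
    """Refang, lowercase, and drop a leading 'www.' and trailing dot."""
    host = host.replace("[.]", ".").strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def squash(host: str) -> str:
    """Remove every separator so 'mohregov-ae' and 'mohre.gov.ae' compare equal."""
    return re.sub(r"[^a-z0-9]", "", host)

def lookalike_reason(candidate: str, protected: str, min_ratio: float = 0.85):
    """Return why `candidate` imitates `protected`, or None if it does not."""
    cand, prot = normalize(candidate), normalize(protected)
    if cand == prot or cand.endswith("." + prot):
        return None  # the real domain or one of its own subdomains
    brand = prot.split(".")[0]
    if squash(prot) in squash(cand):
        return "protected name folded into another domain"
    if len(brand) >= 4 and brand in squash(cand):
        return "brand label under a different parent domain"
    if SequenceMatcher(None, squash(cand), squash(prot)).ratio() >= min_ratio:
        return "near-identical spelling"
    return None

# Constructed sample input; only the first entry appears in the article.
SAMPLE = [
    "www.mohregov-ae[.]com",
    "careers.mohre.gov.ae",
    "mohre-jobs.example",
    "m0hre[.]gov[.]ae",
    "example.org",
]

def scan(candidates, protected="www.mohre.gov.ae"):
    """Map each flagged candidate to the reason it was flagged."""
    hits = {}
    for c in candidates:
        reason = lookalike_reason(c, protected)
        if reason:
            hits[c] = reason
    return hits

if __name__ == "__main__":
    for domain, reason in scan(SAMPLE).items():
        print(f"{domain}: {reason}")
```

Feeding it newly registered domains or hostnames from mail gateway logs gives a short review list; the similarity threshold is a tuning choice, not a value from the report.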
CloudSEK offers the following advice for users to avoid falling for these attacks:
- Avoid downloading suspicious documents from unknown sources.
- Avoid clicking on suspicious links.
- Enable the visibility of file extensions, and be wary of downloading files with unknown file extensions.
- Ensure the usage of MFA (Multi-Factor Authentication).
- Use up-to-date antivirus and anomaly detection tools.
New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.
CloudSEK has the story.