New Phishing Campaign Targets Saudi Government Service Portal

Security

Multiple phishing domains impersonating Absher, the Saudi government service portal, have been set up to provide fake services to citizens and steal their credentials.

The discovery comes from cybersecurity researchers at CloudSEK, who published an advisory about the threat on Thursday.

“The threat actors are targeting individuals by sending an SMS, along with a link, urging people to update their information on the Absher Portal,” wrote the security experts. “The phishing website presents users with a fake login portal, compromising the login credentials.”

According to CloudSEK, after the fake ‘login’ action, a pop-up appears on the site prompting a four-digit one-time password (OTP) sent to the registered mobile number, probably used to bypass multifactor authentication (MFA) on the legitimate Absher Portal.

“Any four-digit number is accepted as an OTP without verification, and the victim successfully logs in to the fake portal,” CloudSEK clarified.

Once the fake login process is complete, the user is then asked to fill in a ‘registration’ form, divulging sensitive personally identifiable information (PII), and redirected to a new page where they are prompted to choose a bank. They are then directed to a fake bank login portal designed to steal their credentials.

“After submitting the internet banking login details, a loading icon pops up, and the page gets stuck, while the user banking credentials have already been compromised,” the security researchers wrote.

According to CloudSEK, government services in the Saudi region have recently been a prime target for cyber-criminals to compromise user credentials and use them to conduct further cyber-attacks.

“Multiple phishing domains have been registered to gain the PII of individuals in Saudi Arabia,” the company wrote.

To mitigate the impact of these attacks, CloudSEK called on government organizations to monitor phishing campaigns targeting citizens and inform and educate them about these dangers, for instance, by telling them not to click on suspicious links.

The advisory comes weeks after CloudSEK discovered a separate phishing campaign targeting KFC and McDonald’s customers in Saudi Arabia.

Products You May Like

Articles You May Like

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10)
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
ESET APT Activity Report Q2 2024–Q3 2024
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Pro-Russian Hacktivists Target South Korea as North Korea Joins Ukraine War

Leave a Reply

Your email address will not be published. Required fields are marked *