New Phishing Campaign Targets Saudi Government Service Portal

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Multiple phishing domains impersonating Absher, the Saudi government service portal, have been set up to provide fake services to citizens and steal their credentials.

The discovery comes from cybersecurity researchers at CloudSEK, who published an advisory about the threat on Thursday.

“The threat actors are targeting individuals by sending an SMS, along with a link, urging people to update their information on the Absher Portal,” wrote the security experts. “The phishing website presents users with a fake login portal, compromising the login credentials.”

According to CloudSEK, after the fake ‘login’ action, a pop-up appears on the site prompting a four-digit one-time password (OTP) sent to the registered mobile number, probably used to bypass multifactor authentication (MFA) on the legitimate Absher Portal.

“Any four-digit number is accepted as an OTP without verification, and the victim successfully logs in to the fake portal,” CloudSEK clarified.

Once the fake login process is complete, the user is then asked to fill in a ‘registration’ form, divulging sensitive personally identifiable information (PII), and redirected to a new page where they are prompted to choose a bank. They are then directed to a fake bank login portal designed to steal their credentials.

“After submitting the internet banking login details, a loading icon pops up, and the page gets stuck, while the user banking credentials have already been compromised,” the security researchers wrote.

According to CloudSEK, government services in the Saudi region have recently been a prime target for cyber-criminals to compromise user credentials and use them to conduct further cyber-attacks.

“Multiple phishing domains have been registered to gain the PII of individuals in Saudi Arabia,” the company wrote.

To mitigate the impact of these attacks, CloudSEK called on government organizations to monitor phishing campaigns targeting citizens and inform and educate them about these dangers, for instance, by telling them not to click on suspicious links.

The advisory comes weeks after CloudSEK discovered a separate phishing campaign targeting KFC and McDonald’s customers in Saudi Arabia.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft
Russia’s Sandworm Upgraded to APT44 by Google’s Mandiant
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
Beyond fun and games: Exploring privacy risks in children’s apps
US Imposes Visa Restrictions on Alleged Spyware Figures

Leave a Reply

Your email address will not be published. Required fields are marked *