Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Phishing Campaign Impersonates the UAE

    Phishing Campaign Targets UAEResearchers at CloudSEK have observed a financially motivated phishing campaign that’s impersonating the United Arab Emirates (UAE) Ministry of Human Resources. The large-scale campaign is targeting organizations in the “Finance, Travel, Hospital, Legal, Oil and Gas, and Consultation industries.”

    “The actors created a fake website www.mohregov-ae[.]com that resembles the legitimate domain www[.]mohre[.]gov[.]ae, to defraud users,” the researchers write.

    CloudSEK then tied this domain to forty-three other phishing sites that targeted immigrants looking for jobs in the Middle East, as well as targeting companies in order to carry out business email compromise (BEC) attacks. The researchers note that the sites are different depending on their purpose. The sites targeting job seekers are convincingly spoofed versions of legitimate career websites.

    “While [the] domains that are presumably used to target job seekers impart a credible impression to first-time visitors, the domains potentially targeting businesses with BEC scams do not have a website and are most likely primarily used only to send emails,” the researchers write.

    CloudSEK notes that despite the different types of scams, it appears that a single actor is behind this campaign.

    “Upon observing the pattern of the email address used to register the domains, domain name, and hosting infrastructure, it can be inferred that a single threat actor or a threat actor group owns all these phishing domains and websites,” the researchers write.

    CloudSEK offers the following advice for users to avoid falling for these attacks:

    • Avoid downloading suspicious documents from unknown sources.
    • Avoid clicking on suspicious links.
    • Enable the visibility of file extensions, and be wary of downloading files with unknown file extensions.
    • Ensure the usage of MFA (Multi-Factor Authentication).
    • Use up-to-date antivirus and anomaly detection tools.

    New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.

    CloudSEK has the story.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews