Source: dpa picture alliance via Alamy Stock Photo
A recent spate of phishing scams — promoted through counterfeit websites — has prompted warnings from police and local businesses in the United Arab Emirates (UAE).
The alerts flag fake websites posing as Dubai's Road and Transport Authority (RTA), which runs the metro and bus network in the city, as well as tourist sites such as Global Village and the Museum of the Future.
These dodgy websites are being promoted by search engine manipulation to such an extent that the first four sites that appear on a search for local "Nol" travel card purchases or "Nol recharge" are all fraudulent, the Khaleej Times reports.
'Black Hat' SEO Poisoning
Scammers are attempting to duplicate a legitimate website or app using a counterfeit domain, often with the false veneer of legitimacy through a digital certificate, and promoting them using so-called black hat search engine optimization (SEO).
Chris Hauk, consumer privacy advocate at Pixel Privacy, says cybercriminals can use various techniques to improve the ranking of their scam pages. This can include keyword stuffing, where relevant keywords are crammed into a webpage's text or meta tags; search ranking manipulation, which uses bots or humans to search for keywords and generate fake clicks for the malicious site; and cloaking, which involves offering search engine crawlers with different information than what is actually displayed to visitors to the site.
Andrew Whaley, senior technical director at Promon, explains that one of the most prevalent ways that criminals boost their page is by buying an HTTPS domain. Unfortunately, anyone can pay for the certificate and have a legitimate-looking website.
It's not an easy problem to fix, either. "The sheer volume of these scam pages makes it a tricky and resource-intensive task for authorities to identify and remove each one," he says. "Even the removal can involve collaboration between Internet service providers, law enforcement, and cybersecurity experts."
Watering Hole Attacks
Experts tell Dark Reading that some recent Dubai-targeting scams display the hallmarks of watering-hole attacks.
Morey Haber, chief security officer at BeyondTrust, says, "The technique uses phishing and social engineering to lure a victim to a faux website that resembles another site with a high degree of fidelity. At a quick glance, everything can appear real, from hyperlinks to the SSL certificate used to encrypt the HTTPS page."
He says the attack typically requires the user to enter their credentials, and even one-time password codes, which are harvested and subsequently abused.
"Unfortunately, most users are unaware this is a watering hole since the credentials are passed through, behind the scenes, to the real website and you appear to login normally," Haber adds. "All this time, your credentials have been stolen."
Phishing Oasis
As well as scam websites impersonating legitimate public services, phishing emails have become more prevalent in Dubai recently. These urge recipients to click on links to pay fictitious fines or service fees while falsely posing as either emails or SMS messages supposedly sent to them by trustworthy organizations, such as the local police force.
This has led Dubai police to warn people about phishing scams where fraudsters posed as cops. "Dubai Police has identified multiple fraud cases in which scammers pretended to be police members or departments," the police communication on X said. "If you are being asked to make payments via links and share your personal information, stop, verify the sender's email again, and report it to Dubai Police Ecrime."
Replies to the thread report that as well as sending messages, the fraudsters call prospective marks in an attempt to trick them into handing over their Emirates ID details.
Haber says, "The best defense for social engineering is education and an understanding of how these attacks leverage our own traits to be successful. If we can understand our own flaws and react accordingly, we can minimize the threat actor's ability to compromise resources and gain access due to our own shortcomings."