Phishing campaign targets Saudi Government
Multiple phishing domains impersonating Absher, the Saudi government service portal, have been set up to provide fake services to citizens and steal their credentials.
The discovery comes from cybersecurity researchers at CloudSEK, who published an advisory about the threat on Thursday.
“The threat actors are targeting individuals by sending an SMS, along with a link, urging people to update their information on the Absher Portal,” wrote the security experts. “The phishing website presents users with a fake login portal, compromising the login credentials.”
Phishing Campaigns Target KFC, McDonald’s in Saudi Arabia, UAE, Singapore
According to CloudSEK, after the fake ‘login’ action, a pop-up appears on the site prompting a four-digit one-time password (OTP) sent to the registered mobile number, probably used to bypass multifactor authentication (MFA) on the legitimate Absher Portal.
“Any four-digit number is accepted as an OTP without verification, and the victim successfully logs in to the fake portal,” CloudSEK clarified.
Once the fake login process is complete, the user is then asked to fill in a ‘registration’ form, divulging sensitive personally identifiable information (PII), and redirected to a new page where they are prompted to choose a bank. They are then directed to a fake bank login portal designed to steal their credentials.
“After submitting the internet banking login details, a loading icon pops up, and the page gets stuck, while the user banking credentials have already been compromised,” the security researchers wrote.
According to CloudSEK, government services in the Saudi region have recently been a prime target for cyber-criminals to compromise user credentials and use them to conduct further cyber-attacks.
“Multiple phishing domains have been registered to gain the PII of individuals in Saudi Arabia,” the company wrote.
Phishing campaign targets Saudi Government