Beware of Sophisticated Scams A Real-Life Incident Reveals Elaborate Cyber Threats
In a recent and alarming incident, a sophisticated cyber attacker managed to compromise the security of a user's personal information by exploiting the UAE PASS application and the smart services platform (https://icp.gov.ae). This detailed account sheds light on the intricacies of the attack and the various manipulative tactics employed.
Unauthorized Access through UAE PASS:
The assailant initiated the attack by gaining access to a registered mobile number and the user's UAE PASS application. Posing as a legitimate entity, the attacker directed the user to approve a UAE PASS request under the pretense of updating card status or unblocking a card. Once the user unknowingly approves the request, the attacker gains unauthorized access to the smart services application from their machine.
Acquisition of Personal Details:
With access secured, the attacker harvests sensitive personal information such as visa details, Emirates ID (EID), and passport information. To further deceive the user, the attacker demonstrates a chilling level of knowledge by providing accurate user details, including date of birth, full name, and passport number for verification. Additionally, the attacker successfully acquires the user's credit card number.
OTP Manipulation via Aramex:
The attacker attempts to register the user's mobile number on the Aramex application to solidify their grip on the victim's data. The victim receives legitimate One-Time Passwords (OTPs) sent by Aramex for use at the time of delivery. In a calculated move to tighten their hold on the victim's personal information, the attacker endeavors to register the user's mobile number on the Aramex application. Subsequently, the victim starts receiving a seemingly legitimate One-Time Password (OTP)/Activation code intended for use during the delivery process.
领英推荐
WhatsApp Impersonation:
Leveraging the trust associated with WhatsApp, the attacker takes advantage of the victim's vulnerability. As representatives of ENBD WhatsApp banking, they share the victim's EID and visa pages on their WhatsApp accounts, adding another layer to the deception.
Deceptive Request for Card Screenshots:
The attacker's audacity reaches new heights as they convince the victim to share screenshots of their debit and credit cards on WhatsApp. Under the guise of removing duplicate cards from the bank account, the victim unwittingly plays into the attacker's hands.
The Trap is Set:
If the victim succumbs to these manipulative tactics and shares the requested information, the attacker gains a significant advantage, with access to sensitive details that can be exploited for financial fraud, and other malicious activities. This chilling incident serves as a stark reminder of the evolving and sophisticated nature of cyber threats.
Users are strongly urged to exercise extreme caution when prompted to approve requests, verify personal information, or share sensitive details through various channels. It is crucial to remain vigilant, question suspicious activities, and verify the legitimacy of requests to ensure the safety and security of personal information in an increasingly connected digital landscape.