HQ/EMEAFind out how we can help your business
Scammers are currently using Fake Police fines to execute an impersonation campaign and fool the citizens in the UAE.
This massive fraud campaign coincides with the country’s holidays and involves threat actors deceiving their targets into paying bogus fines through calls, emails, and text messages. The researchers explain that the attackers use personal information to appear as Dubai Police and send fake payment requests for phoney parking penalties, license renewals or other traffic offences.
The scammers commonly approach their victims with these fake violations through phone conversations. Moreover, these calls usually feature scripted discussions and background noise designed to pose as legitimate call centres.
This new campaign that uses Fake Police fines resembles a similar campaign last year.
According to reports, this spoofing operation using Fake Police fines is strikingly similar to a previous campaign that spoofed the UAE Federal Authority for Identity and Citizenship last year.
Investigations initially discovered this strategy and tooling from the Chinese-speaking cybercriminal organisation dubbed Smishing Triad on Telegram. As of now, the confirmed tactics that these threat actors use are phishing and smishing, vishing calls, and fake notifications.
These operations have been a headache in the Middle East, especially in the UAE. The UAE Financial Intelligence Unit’s (UAEFIU) assessment of these campaigns showed that fraud-related losses reached about AED 1.2 billion ($326 million) from 2021 to 2023.
Further research also discovered that over 144 domains associated with the scam are aimed at low-cost and poorly controlled generic top-level domains (gTLDs).
This type of fraud has a significant financial effect on targeted individuals, but the threat actors also use these campaigns for money laundering activities.
Furthermore, international threat actors and organisations have leveraged dark web-sourced databases containing phone numbers and other personal information to execute these spoofing and phishing activities. A recent tally alleges cybercriminals distribute 50,000 to 100,000 fraudulent texts daily.
The country’s law enforcement agency advises its citizens to remain cautious and critical of unsolicited communications. Lastly, the UAE authorities reminded the public that they will never require financial or personal information through phone calls, so be vigilant about such activities.
