Over 200 domains impersonating Middle Eastern postal services
Since as early as 2020, analysts have detected over 270 domains making use of the regional delivery and postal service brands, according to a new report released by Cybersecurity company Group-IB.
According to the study, Group-IB has identified a widescale phishing campaign targeting users in the Middle East by impersonating well-known postal services from Bahrain, Egypt, Kuwait, Qatar, Saudi Arabia, Jordan, and the UAE.
Findings show that the pandemic-driven explosive growth of online shopping created a perfect storm for threat actors, who found fertile ground for inventing new attack scenarios. Thereafter, phishing schemes exploiting the delivery topic became one of the highest ROI activities for fraudsters.
As such, globally, CERT-GIB identified more than 400 domains impersonating postal brands as part of this phishing campaign, with more than half of them (276) intended for users in the Middle East.
Attackers have been spotted employing over 30 brands of post services and relevant delivery organizations from over 20 countries worldwide to target their victims. In the Middle East specifically, scammers have impersonated over 13 different delivery brands, postal operators, and public companies from at least eight different countries, including Bahrain, Egypt, Jordan, Kuwait, Qatar, Saudi Arabia, and the UAE.
Moreover, the analysis showed that most of the 276 websites identified are inactive at the time of the analysis. These domains are short-lived by design to complicate detection and instead, new websites are regularly created. The latest resource impersonating a Middle Eastern postal brand appeared on July 14, 2022, according to Group-IB.