Good Afternoon! Let's review this week's cybersecurity briefing...
Emerging Threats & Techniques
Rolex Scam on Facebook Targets Dubai Residents
Here’s what you should know about:
A Facebook post says that the Rolex store at Dubai Mall is closed because of a 65% sale. The post includes a link that takes people to a fake convincing website.
Any user who clicks on the link will be taken to a fake website that looks like Rolex's real website and asks you to play a "Lucky Spin" game celebrating Rolex's 57th anniversary in the UAE to get an extra discount.
Whosoever spins the wheel for a chance to get that 65% discount, receive a message congratulating them on getting the discount code "BGBDFV," which takes 85% off at checkout.
As soon as the website shows a discount code, it sets off a countdown timer and makes the product limited so that people buy right away without doing any more research.
Also, the website publishes fake reviews that are made to look real by adding silly details.
New Loan Scams and WhatsApp Job Offers Target UAE Residents
Here’s what you should know about:
A Filipina named Cristy, who works as a shift supervisor at a restaurant in Dubai, was recently the target of a loan scam. The scammers used Facebook ads to promise quick loans with no security.
She then contacted the lending company and they requested that she deposit Dh1,250 as a processing fee. There were no additional prerequisites that were necessary.
After that, the company informed her that the loan had been canceled due to her "low credit," and as a result, they asked for an additional Dh3,125 to ensure that the problem was resolved.
Even though Cristy sent the requested amount of Dh4,375, she was not granted any loan, and not only that, but the loan officer also blocked her.
Hackers Target Residents with Fake OTP Requests
Here’s what you should know about:
To launch vishing attacks, hackers are pretending to be from the UAE government, such as the UAE ICP (Identity & Citizenship Procedures).
Brejesh Rajan, a resident of Dubai, got a call from a woman who said she was from the ICP while he was renewing his Emirates ID.
The hacker knew Rajan's Emirates ID number and the expiry date, which is what made him click on a link in a UAE Passcode that was meant to renew his ID.
Later, to back up their fake identity, the hackers sent Rajan three emails from what looked like the ICP's gov.ae domain address.
As soon as he gave ICP his bank information and card number, he received a debit request for Dh1 along with a one-time password (OTP). The hacker then asked for his CVV number and the OTP he had received.
A resident from Dubai was scammed by a fake Etisalat website while they were trying to top up a friend's phone.
The website he was sent to resembles Etisalat's official site, but the domain name had one more letter added to it.
The resident entered her card information and the OTP on the fake website, resulting in a Dh1954.75 deduction.
Etisalat advises users to use caution when clicking links on websites, stay away from dubious ones, and double-check URLs for mistakes, such as "co.ae" instead of ".com".
Thanks for reading :)
Help us spread the word! Share this newsletter with your colleagues and friends.