Various phishing domains impersonating Absher, the Saudi federal government assistance portal, have been set up to offer fake companies to citizens and steal their credentials.
The discovery comes from cybersecurity researchers at CloudSEK, who printed an advisory about the menace on Thursday.
“The risk actors are focusing on individuals by sending an SMS, alongside with a website link, urging people today to update their facts on the Absher Portal,” wrote the security industry experts. “The phishing web site provides end users with a fake login portal, compromising the login credentials.”

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
In accordance to CloudSEK, soon after the bogus ‘login’ motion, a pop-up seems on the site prompting a four-digit just one-time password (OTP) despatched to the registered mobile quantity, most likely made use of to bypass multifactor authentication (MFA) on the respectable Absher Portal.
“Any four-digit variety is recognized as an OTP devoid of verification, and the target correctly logs in to the bogus portal,” CloudSEK clarified.
After the phony login method is entire, the consumer is then requested to fill in a ‘registration’ sort, divulging sensitive personally identifiable information (PII), and redirected to a new webpage exactly where they are prompted to choose a bank. They are then directed to a phony financial institution login portal made to steal their qualifications.
“Immediately after submitting the internet banking login specifics, a loading icon pops up, and the website page receives trapped, when the consumer banking credentials have previously been compromised,” the security scientists wrote.
According to CloudSEK, government companies in the Saudi region have not long ago been a primary target for cyber-criminals to compromise consumer credentials and use them to perform further cyber-attacks.
“Multiple phishing domains have been registered to get the PII of folks in Saudi Arabia,” the company wrote.
To mitigate the influence of these attacks, CloudSEK called on govt businesses to check phishing campaigns concentrating on citizens and tell and educate them about these dangers, for occasion, by telling them not to simply click on suspicious backlinks.
The advisory arrives months immediately after CloudSEK found out a separate phishing campaign focusing on KFC and McDonald’s shoppers in Saudi Arabia.
Some sections of this post are sourced from:
www.infosecurity-journal.com