Cybersecurity researchers have uncovered a large online scam operation that targeted internet users across the Middle East and North Africa (MENA) region. The campaign relied on fake Facebook accounts that pretended to be politicians, public figures, telecom companies, and trusted organizations. These accounts were used to attract users with offers that appeared genuine. The goal was to convince people to interact with malicious content.

The fake posts promoted attractive offers such as free mobile internet packages, financial assistance, and government subsidy programs. Victims were encouraged to click on links to claim these benefits. However, instead of receiving any reward, users were redirected through several websites controlled by scammers. These redirections ultimately led to fraudulent platforms designed to generate illegal profits.
Researchers linked the activity to a phishing-as-a-service platform known as Sniper Dz. The platform was recently disrupted during an INTERPOL-led law enforcement operation. Investigators say the service was not limited to stealing credentials. It also supported multiple methods for generating revenue from unsuspecting users through various online fraud techniques.
A typical attack began with localized social engineering tactics tailored to specific countries and audiences. In some cases, scammers impersonated well-known telecom providers and promoted limited-time offers. Victims who clicked the advertisements were first taken to intermediary pages hosted through link aggregation services. These pages helped hide the final destination and made detection more difficult.
Once users reached the final websites, they were often asked to allow browser notifications. Granting this permission enabled attackers to continuously send misleading alerts and advertisements. Researchers found that browser notification abuse played a major role in the operation. This technique allowed scammers to repeatedly engage victims even after they left the original website.
The investigation revealed that Sniper Dz supported a large phishing infrastructure containing around 80 phishing templates. These templates imitated more than 30 well-known global brands from sectors such as finance, social media, gaming, and online services. The platform made it easier for criminals to launch convincing scams without needing advanced technical skills. This helped expand the campaign’s reach across multiple countries.
Researchers also discovered additional monetization methods used by the operators. These included premium SMS subscription fraud, premium-rate phone call schemes, investment scams, and affiliate marketing abuse. In some cases, victims were trapped through browser history manipulation techniques that made it difficult to leave scam pages. Such tactics increased the chances of users falling deeper into the fraud process.
The findings highlight how modern phishing operations have evolved beyond simple credential theft. By combining fake social media promotions, browser notification abuse, and financial scams, operators created a complex system for generating revenue from victims. Security experts advise users to remain cautious when encountering offers that seem too good to be true and to verify information before clicking on links shared through social media platforms.


