The Smishing Triad gang has been identified as orchestrating a new fraudulent campaign impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. The campaign targets UAE residents and foreigners through malicious SMS messages claiming to be from the General Directorate of Residency and Foreigners Affairs. The Resecurity team discovered the threat and promptly notified UAE law enforcement agencies and cybersecurity entities. This discovery coincided with an increase in fraudulent activities during the holiday season. The group uses malicious links sent via SMS or iMessage to victims’ mobile devices, concealing them through URL-shortening services. Victims have reported receiving such messages after updating their residence visas, suggesting potential access to private channels through third-party data breaches. Upon clicking the link, victims are redirected to a fake webpage where personal information and credit card details are stolen. The attackers used RSA encryption in HTTP responses to complicate timely analysis. To protect against these threats, Resecurity recommended heightened cybersecurity awareness and the implementation of identity protection programs. They emphasized the importance of remaining vigilant and implementing education programs as essential first lines of defense against these rapidly evolving threats.