How do the Sniper Dz scams operate?

Cybercriminals create fake Facebook accounts impersonating trusted figures to promote deceptive offers. Victims clicking on these offers are redirected through intermediary websites to phishing pages and monetization schemes.

What measures can users take to protect themselves from such scams?

Users should be cautious of unsolicited offers on social media, verify the authenticity of accounts promoting such offers, and avoid clicking on suspicious links. Employing robust security software and staying informed about common phishing tactics can also help mitigate risks.

Sniper Dz Scams Exploit Fake Facebook Offers to Target MENA Users

Cybercriminals in the MENA region are using fake Facebook accounts to promote deceptive offers, leading victims to phishing sites and monetization schemes.

Published: June 15, 2026

Share this on:

Executive Summary

In June 2026, cybersecurity researchers uncovered a series of fraudulent activities targeting users in the Middle East and North Africa (MENA) region. Cybercriminals employed fake Facebook accounts impersonating politicians, public figures, and trusted organizations to promote deceptive offers such as free mobile internet packages and financial compensations. Victims who clicked on these offers were redirected through a series of intermediary websites leading to phishing pages and monetization schemes, including browser notification abuse and premium SMS subscriptions. This incident highlights the evolving tactics of cybercriminals who exploit social engineering and trusted platforms to deceive users. The use of legitimate services like link-aggregation platforms and browser notifications underscores the need for heightened vigilance and advanced security measures to protect against such sophisticated scams.

Why This Matters Now

The Sniper Dz scams demonstrate a significant shift in cybercriminal strategies, leveraging social engineering and trusted platforms to deceive users. The use of legitimate services like link-aggregation platforms and browser notifications underscores the need for heightened vigilance and advanced security measures to protect against such sophisticated scams.

Attack Path Analysis

The attack began with adversaries creating fraudulent Facebook accounts impersonating trusted entities to lure victims with fake offers. Upon clicking the embedded links, victims were redirected through intermediary websites to phishing pages. These pages requested browser notification permissions, leading to the delivery of malicious push notifications. The attackers employed back button hijacking and tab-under techniques to trap users and expose them to further malicious content. Ultimately, the campaign aimed to steal sensitive information and generate illicit revenue through various scams.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

Medium

Command & Control

Medium

Exfiltration

High

Impact

High

Initial Compromise

Description

Adversaries created fraudulent Facebook accounts impersonating trusted entities to lure victims with fake offers.

Confidence:

High

MITRE ATT&CK® Techniques

Initial Access

T1684.001

Impersonation

Resource Development

T1585.001

Establish Accounts: Social Media Accounts

Initial Access

T1566.003

Phishing: Spearphishing via Service

Resource Development

T1586.001

Compromise Accounts: Social Media Accounts

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Security Awareness Program

Control ID: 12.6

The incident highlights the need for a robust security awareness program to educate users on recognizing and avoiding social engineering attacks.

NYDFS 23 NYCRR 500 – Cybersecurity Awareness Training

Control ID: 500.14(b)

The attack underscores the importance of regular cybersecurity awareness training to help employees identify and respond to phishing and impersonation attempts.

DORA – ICT Risk Management Framework

Control ID: Article 13

The breach emphasizes the necessity for a comprehensive ICT risk management framework to address and mitigate risks associated with social engineering and fraudulent activities.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The incident demonstrates the need for implementing appropriate cybersecurity risk management measures to protect against social engineering attacks targeting users.

CISA ZTMM 2.0 – User Training and Awareness

Control ID: Identity and Access Management

The attack highlights the importance of user training and awareness within the Identity and Access Management pillar to prevent unauthorized access through social engineering tactics.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Government Administration

High risk from impersonation of government officials and fake subsidy programs targeting MENA users through social engineering attacks requiring enhanced zero trust segmentation.

Telecommunications

Critical exposure from fraudulent mobile internet package offers targeting regional users, necessitating egress security policy enforcement and encrypted traffic monitoring capabilities.

Financial Services

Significant threat from fake financial compensation schemes and fraudulent offers requiring multicloud visibility, anomaly detection, and comprehensive threat response frameworks.

Political Organization

Severe vulnerability from politician impersonation campaigns across Facebook platforms demanding enhanced east-west traffic security and real-time threat detection mechanisms.

Sources

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alertshttps://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html
Verified

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administratorhttps://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html

Verified

Sniper's Nest: From Brand Impersonation to Browser Hijacking and CPA Fraudhttps://radar.offseq.com/threat/snipers-nest-from-brand-impersonation-to-browser-h-b6d4e7d2

Verified

Sniper Dz PhaaS Platform Increasingly Used in Cyberattackshttps://www.msspalert.com/brief/sniper-dz-phaas-platform-increasingly-used-in-cyberattacks

Verified

Frequently Asked Questions

Sniper Dz is a phishing-as-a-service platform that has been used to facilitate large-scale credential theft and fraudulent activities, particularly targeting users in the MENA region.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is relevant to this incident as it could likely reduce the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and controlled egress policies.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The attacker's ability to establish initial footholds within the cloud environment would likely be constrained, reducing the risk of unauthorized access.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: The attacker's ability to escalate privileges within the cloud environment would likely be constrained, reducing the risk of unauthorized access.

Lateral Movement

Control: East-West Traffic Security

Mitigation: The attacker's ability to move laterally within the cloud environment would likely be constrained, reducing the risk of further compromise.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: The attacker's ability to establish and maintain command and control channels would likely be constrained, reducing the risk of persistent access.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: The attacker's ability to exfiltrate sensitive data would likely be constrained, reducing the risk of data loss.

Impact (Mitigations)

The attacker's ability to achieve their objectives would likely be constrained, reducing the overall impact of the attack.

Impact at a Glance

Affected Business Functions

Customer Service
Marketing and Promotions
Online Sales

Operational Disruption

Estimated downtime: N/A

Financial Impact

Estimated loss: N/A

Data Exposure

Personal and financial information of users who interacted with the fraudulent campaigns.

Recommended Actions

• Implement Zero Trust Segmentation to limit the spread of malicious content within the network.
• Enhance Threat Detection & Anomaly Response capabilities to identify and respond to social engineering attacks.
• Utilize Multicloud Visibility & Control to monitor and manage traffic across different cloud environments.
• Enforce Egress Security & Policy Enforcement to prevent unauthorized outbound communications.
• Conduct regular user training to raise awareness about social engineering tactics and phishing schemes.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Sniper Dz Scams Exploit Fake Facebook Offers to Target MENA Users

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

MITRE ATT&CK® Techniques

Impersonation

Establish Accounts: Social Media Accounts

Phishing: Spearphishing via Service

Compromise Accounts: Social Media Accounts

Potential Compliance Exposure

PCI DSS 4.0 – Security Awareness Program

NYDFS 23 NYCRR 500 – Cybersecurity Awareness Training

DORA – ICT Risk Management Framework

NIS2 Directive – Cybersecurity Risk Management Measures

CISA ZTMM 2.0 – User Training and Awareness

Sector Implications

Government Administration

Telecommunications

Financial Services

Political Organization

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads

Products

By Role

Customer Stories

Security & Legal

Solutions

Resources

Industry

Company

Tools