Cybersecurity researchers have uncovered a sophisticated scam campaign known as Sniper Dz, which primarily targets users across the Middle East and North Africa (MENA) region. The operation leverages fake Facebook promotions, deceptive social media content, and browser notification abuse to lure victims into fraudulent schemes.
Unlike traditional phishing attacks that immediately request credentials, Sniper Dz employs a multi-stage social engineering process designed to gradually build trust before redirecting users into malicious advertising and scam ecosystems. The campaign demonstrates how threat actors are increasingly combining social media platforms, legitimate web services, and browser features to maximize victim engagement.
Technical Analysis of the Campaign
Researchers found that the operation relies heavily on social engineering techniques rather than malware deployment. Victims are initially exposed to attractive Facebook advertisements promising prizes, discounts, giveaways, or exclusive offers.
The campaign then guides users through a series of seemingly legitimate web pages before ultimately triggering browser notification permissions and redirecting users into fraudulent content networks. By abusing trusted platforms and legitimate web services, the attackers are able to reduce suspicion and improve campaign effectiveness.
Sniper Dz Attack Flow
The attack follows a structured victim funnel designed to maximize conversion rates while minimizing detection.
Phase 1 – Social Media Lures
Attackers publish fraudulent advertisements and impersonation posts across social media platforms. Common lures include:
- Free gift offers
- Discount promotions
- Prize giveaways
- Mobile device rewards
Phase 2 – Legitimate-Looking Bridge Pages
Instead of immediately redirecting victims to malicious content, the campaign uses intermediary pages hosted on legitimate services, such as:
- Link aggregation platforms
- Landing page builders
- Redirect services
- Social media profile pages
These bridge pages help bypass security filters and increase the perceived legitimacy of the campaign.
Figure: Simplified representation of the Sniper Dz victim funnel showing how users are guided from social media lures through trusted bridge pages before being exposed to browser notification abuse and scam content.
Phase 3 – Browser Notification Abuse
Once users reach the final stage, they are encouraged to allow browser notifications through deceptive prompts such as:
- Fake CAPTCHA pages
- “Click Allow to Continue”
- “Verify You’re Human”
After notification permissions are granted, attackers gain a persistent channel to deliver scam advertisements and fraudulent alerts directly to the victim’s browser.
Potential Risks to Users
- Financial Fraud
- Privacy Exposure
- Continuous Scam Exposure
- Credential Theft
Why Social Engineering Remains Effective
Modern scam campaigns increasingly rely on psychological manipulation rather than technical exploitation. By leveraging trusted platforms such as Facebook and legitimate web services, attackers can make fraudulent content appear authentic.
The use of multiple redirection stages also helps threat actors evade automated detection systems while increasing the likelihood that victims will complete the entire attack flow.
As users become more aware of traditional phishing techniques, attackers continue to evolve their tactics by combining social media abuse, browser notification exploitation, and deceptive marketing strategies.
Security Recommendations
- Verify Promotional Offers
- Review Browser Notifications
- Exercise Caution with Redirects
- Implement Security Awareness Training
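To make the "Review Browser Notifications" step concrete, the following added example (not part of the original report) lists every origin that a Chromium-based browser profile currently allows to send notifications, newest grant first. It assumes the profile's Preferences JSON stores these grants under profile.content_settings.exceptions.notifications with setting 1 meaning "allow" and last_modified in microseconds since 1601-01-01 UTC; the sample data and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

ALLOW = 1  # assumed Chromium content-setting value for "allow" (2 is "block")
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample in the assumed shape of a Chromium "Preferences" file.
SAMPLE_PREFS = json.dumps({"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://mail.example.com:443,*": {"last_modified": "13350000000000000", "setting": 1},
    "https://prize-verify.example.net:443,*": {"last_modified": "13380000000000000", "setting": 1},
    "https://news.example.org:443,*": {"last_modified": "13360000000000000", "setting": 2},
    "https://broken.example.io:443,*": {"setting": 1},  # grant with no timestamp
}}}}})


def webkit_to_datetime(value):
    """Convert microseconds since 1601-01-01 UTC; None if missing or malformed."""
    try:
        return WEBKIT_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None


def allowed_notification_origins(prefs_text, trusted=()):
    """Return (origin, granted_at) for each non-trusted origin allowed to notify."""
    prefs = json.loads(prefs_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    findings = []
    for pattern, meta in entries.items():
        if not isinstance(meta, dict) or meta.get("setting") != ALLOW:
            continue  # blocked or malformed entries are not a delivery channel
        origin = pattern.split(",", 1)[0]  # key is a "primary,secondary" pattern pair
        if origin in trusted:
            continue
        findings.append((origin, webkit_to_datetime(meta.get("last_modified"))))
    # Newest grants first; entries with an unknown grant time sort last.
    findings.sort(key=lambda f: f[1] or WEBKIT_EPOCH, reverse=True)
    return findings


if __name__ == "__main__":
    trusted = {"https://mail.example.com:443"}  # hypothetical allowlist
    for origin, when in allowed_notification_origins(SAMPLE_PREFS, trusted):
        print(origin, when.isoformat() if when else "grant time unknown")
```

Any origin in the output that the user does not recognise can be removed from the browser's site notification settings, which closes the persistent channel described in Phase 3.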
The Sniper Dz campaign demonstrates how modern threat actors are leveraging social media impersonation, trusted bridge pages, and browser notification abuse to target users across the MENA region. Rather than relying on malware, the operation exploits user trust and social engineering tactics to drive victims toward fraudulent content, making awareness and browser security practices critical defenses against these evolving threats.