Analysts from a leading cybersecurity firm, Group-IB, have uncovered a massive phishing scam operation meant to impersonate one of the Kingdom of Saudi Arabia’s top recruitment agencies.
The cybersecurity team found at least 1,000 malicious domains during their research, with most containing a close match to a well-known Saudi agency that offers assistance in hiring employees for the construction and services sector, as well as domestic workers. Scams of this nature are growing at a rate of 10% per year, with more than $55 billion stolen during 2021 alone.
How The Scam Worked
The fake domains and their associated URLs were meant to fool people into thinking they’re the real deal. In addition, each domain featured convincing web pages designed to mimic the official agency website. Scammers were using these web pages to convince people to enter their data, hoping to harvest banking details, as well as both login information and two-factor authentication (2FA) codes.
To drive traffic to these fraudulent websites, the criminals used multiple layers of social engineering, first using ads on Facebook, Twitter, and Google that encouraged SMS or WhatsApp conversations, and then sending unwitting users to the fake sites to enter their details.
Once a user had landed on a fake domain, they were persuaded to part with a small processing fee of 50 or 100 SAR (approximately $13 or $27), which enabled the scammers to harvest banking data to empty accounts and make off with user’s hard-earned cash.
“Scammers are becoming increasingly resourceful and collaborative, and spoof domain brokers are actively assisting cybercriminals. We encourage companies and organizations to monitor for signs of brand abuse, and we also urge internet users to remain vigilant so that they do not become victims of scams such as this,” says Mark Alpatskiy, CERT-GIB Senior Analyst.
Falling victim to a phishing scam can be costly, and Internet users are urged to show caution and always check URLs to verify they are legitimate before entering any personal data, as well as ensuring they are in communication with online chat services or call centers of the official company in question.
Are You Ready For This Year’s GITEX Shopper Event?
We’re excited to be media partners of this year’s GITEX Shopper event, an extravaganza bringing together all the big names and retailers in electronics.
GITEX Shopper, the giant 5-day electronics extravaganza, is getting ready to open its doors to the public between December 14 and 18 at the Dubai World Trade Center.
The expo brings together all of the top electronic brands and retailers and features huge discounts on all the best tech, plus prize draws, new product launches, interactive displays and much more.
Visitors to GITEX Shopper will be able to grab all of the latest products at the best prices, from gaming consoles and speakers to drones, TV sets, and even e-scooters. This 5-day shopping extravaganza offers exclusive discounts on selected items that can’t be found elsewhere, and there are plenty of shows and demonstrations at the expo to keep the whole family entertained.
To join over 100,000 people at this year’s GITEX Shopper and grab some of 2022’s biggest bargains, head over to the official website to register your interest.