News
Widespread Phishing Scam Discovered In Saudi Arabia
Group-IB, a global cybersecurity firm, has published research into a scheme where scammers impersonate one of the leading manpower agencies in Saudi Arabia.
Analysts from a leading cybersecurity firm, Group-IB, have uncovered a massive phishing scam operation meant to impersonate one of the Kingdom of Saudi Arabia’s top recruitment agencies.
The cybersecurity team found at least 1,000 malicious domains during their research, with most containing a close match to a well-known Saudi agency that offers assistance in hiring employees for the construction and services sector, as well as domestic workers. Scams of this nature are growing at a rate of 10% per year, with more than $55 billion stolen during 2021 alone.
How The Scam Worked
The fake domains and their associated URLs were meant to fool people into thinking they’re the real deal. In addition, each domain featured convincing web pages designed to mimic the official agency website. Scammers were using these web pages to convince people to enter their data, hoping to harvest banking details, as well as both login information and two-factor authentication (2FA) codes.
To drive traffic to these fraudulent websites, the criminals used multiple layers of social engineering, first using ads on Facebook, Twitter, and Google that encouraged SMS or WhatsApp conversations, and then sending unwitting users to the fake sites to enter their details.
Once a user had landed on a fake domain, they were persuaded to part with a small processing fee of 50 or 100 SAR (approximately $13 or $27), which enabled the scammers to harvest banking data to empty accounts and make off with user’s hard-earned cash.
Also Read: Is Your Phone Hacked? How To Find Out & Protect Yourself
“Scammers are becoming increasingly resourceful and collaborative, and spoof domain brokers are actively assisting cybercriminals. We encourage companies and organizations to monitor for signs of brand abuse, and we also urge internet users to remain vigilant so that they do not become victims of scams such as this,” says Mark Alpatskiy, CERT-GIB Senior Analyst.
Falling victim to a phishing scam can be costly, and Internet users are urged to show caution and always check URLs to verify they are legitimate before entering any personal data, as well as ensuring they are in communication with online chat services or call centers of the official company in question.