The article warns that the Hajj season attracts online scams targeting pilgrims, including fake agencies, online registration scams, sub-standard travel arrangements, and social-media fraud. It also details impersonation of Nusuk and government resources, use of generative AI and troll factories, and actions by Resecurity to disrupt these schemes.
Key points
- During the Hajj season, scams include fake agencies, online registration scams, sub-standard or non-existent travel arrangements, unlicensed operators, and social media fraud.
- The Nusuk digital platform aims to streamline planning and payments, reducing fraud by connecting pilgrims directly with official operators.
- Fraudulent resources impersonating Nusuk have been detected, designed to mimic official messaging and collect sensitive personal information for fraud or dark web resale.
- Imitation of government resources, such as registergov[.]com, has been used to deceive victims and expand identity-theft campaigns.
- Fraudsters employ generative AI and “troll factories” to spread deceptive content on social media, with hundreds of accounts blocked by investigators.
- A phishing campaign uses nusuksa[.]com to mimic the Nusuk site and directs victims to a payment interception form to steal payment data.
- Risk mitigation emphasizes using official channels, verifying legitimacy, getting agreements in writing, and reporting incidents to authorities (UK Action Fraud referenced).
MITRE Techniques
- [T1566.001] Phishing: Spearphishing Link – Fake websites and invitations lure victims into providing personal information and money; “Common scams during the Hajj season include: 2. Online registration scams: Scammers create fake websites or send out false invitations, duping people into providing personal information and money. They may encourage individuals to follow links to these fake websites, where they are tricked into making payments or sharing sensitive information.”
- [T1036] Masquerading – Fraudulent resources impersonate Nusuk and official messaging to gain trust; “Resecurity has detected multiple fraudulent resources impersonating Nusuk, the official digital platform for Hajj and Umrah pilgrims. These fake resources are designed to trick consumers by mimicking official messaging on behalf of Saudi Arabia’s leadership.”
- [T1056.003] Credentials from Web Form – Phishing site uses a payment interception form to steal sensitive information; “The phishing website, located at nusuksa[.]com, follows the same layout as the original website. However, when users access it, they are directed to a payment interception form, which is designed to steal sensitive information.”
Indicators of Compromise
- [Domain] Phishing domains – nusuksa[.]com, registergov[.]com
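One way to put the indicators above to work is to sweep web-proxy logs for the two listed domains and for other hosts that carry the Nusuk brand string. This is an added example, not code from the article or from Resecurity; the log format, the sample lines, and the official-host allowlist (`nusuk.sa`) are assumptions to verify before use.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators exactly as listed on this page.
PAGE_IOCS = ["nusuksa[.]com", "registergov[.]com"]
# Assumption (not from the page): allowlist of official hosts; verify before use.
OFFICIAL_ZONES = {"nusuk.sa"}
BRAND = "nusuk"  # brand string the page says is being impersonated

def refang(domain):
    return domain.replace("[.]", ".").lower().rstrip(".")

IOC_ZONES = {refang(d) for d in PAGE_IOCS}

def host_of(url):
    """Extract the lowercase hostname from a URL or a bare host[:port]."""
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def in_zone(host, zone):
    # Exact match or true subdomain; avoids substring false positives.
    return host == zone or host.endswith("." + zone)

def classify(url):
    host = host_of(url)
    if any(in_zone(host, z) for z in IOC_ZONES):
        return "ioc"
    if any(in_zone(host, z) for z in OFFICIAL_ZONES):
        return "official"
    # Brand string in a non-allowlisted host, ignoring hyphens.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "clean"

def scan(lines):
    """Return (client, host, verdict) for each line needing analyst review."""
    hits = []
    for line in lines:
        _ts, client, url = line.split()
        verdict = classify(url)
        if verdict in ("ioc", "lookalike"):
            hits.append((client, host_of(url), verdict))
    return hits

# Constructed proxy log lines (timestamp, client, URL); not real traffic.
SAMPLE_LOG = [
    f"2024-06-01T10:00:01Z 10.0.0.5 https://www.{refang(PAGE_IOCS[0])}/payment",
    "2024-06-01T10:00:07Z 10.0.0.8 https://nusuk.sa/",
    f"2024-06-01T10:01:12Z 10.0.0.9 {refang(PAGE_IOCS[1])}:443",
    "2024-06-01T10:02:30Z 10.0.0.5 https://nu-suk-booking.example/login",
    "2024-06-01T10:03:00Z 10.0.0.7 https://notregistergov.com.example.org/",
]
```

Calling `scan(SAMPLE_LOG)` flags the two listed domains as `ioc` and the hyphenated brand host as `lookalike`, while the allowlisted host and the unrelated host that merely contains `registergov.com` as a substring are not reported.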