Ramadan-era scams spiked in the Middle East, driven by a surge in e-commerce and siphoning tens of millions from consumers and businesses, with Saudi Arabia showing especially high spending. Resecurity urges stronger consumer awareness and enhanced security checks to counter tactics such as smishing, impersonation of logistics providers, and fake payment sites, often hosted on cloud platforms. #Aramex #SMSAExpress #ZajilExpress #SADAD #MUSANED #Ajeer #Ejar #Haraj
Keypoints
- Ramadan saw a notable rise in fraudulent activities and scams coinciding with high retail and online transactions in the region.
- Saudi Arabia led regional consumer spending, exceeding $16 billion, which attracted scam activity across logistics, payments, and e-commerce.
- Fraud tactics include gift/charity, job/scam-based recruitment, fake PoS, impersonation of logistics providers, romance scams, phishing/smishing, and crypto schemes.
- Impersonation of shipping/logistics (Aramex, SMSA Express, Zajil Express) via SMS/iMessage and fake sites to harvest personal and payment data.
- Phishing kits target payment data and even SADAD/MUSANED credentials, sometimes intercepting 2FA/OTP codes to bypass security checks.
- Fraud infrastructure leverages cloud hosts (Softr, Netlify, Vercel) to scale fraudulent sites rapidly; over 320 fraudulent sites were blocked for impersonating providers.
MITRE Techniques
- [T1566] Phishing β The attacker uses fraudulent notifications and fake payment forms to collect personal and payment information from victims. Quote: βThe victim gets a false notification claiming a parcel has been successfully delivered. This message asks for confirmation and requests personal information.β
- [T1566.003] Spearphishing via Service β Cybercriminals use messaging apps like WhatsApp to reach victims with phishing content and links, increasing credibility and reach. Quote: βCybercriminals frequently use WhatsApp, a popular messaging IM app, as their main way to communicate with potential victims.β
Indicators of Compromise
- [Domain] context β semssda6266.blogspot.com, aremexss549.blogspot.com, and 16 more items (if applicable)
- [URL] context β https://sadad14c.softr.app/, https://sites.google.com/view/iger-1, and 16 more items (if applicable)
- [Hosting Service] cloud hosting used β Softr, Netlify, and Vercel