Navigating the Hajj Season: A Time of Spiritual Unity and Rising Cyber Threats Targeting Consumers
Cyber Threat Intelligence
Intro
During the Hajj season, there is an increased risk of online scams targeting individuals who are planning to make the pilgrimage to Mecca. Fraudsters employ various tactics to deceive and defraud unsuspecting pilgrims.
Hajj is a significant event for Muslims, and many save for years to be able to make the pilgrimage. Unfortunately, fraudsters take advantage of this and attempt to deceive believers, causing financial losses and shattered dreams.
On Tuesday, May 14, Saudi Arabian authorities issued warnings about online registration scams and fake websites targeting individuals who are planning to make Hajj and Umrah pilgrimages. Ministry of Hajj and Umrah officials have urged pilgrims to use only official ministry accounts and to be cautious of false invitations to Hajj. To safeguard yourself, they recommend using their official website, www.haj.gov.sa, to find a licensed Hajj service provider.
The City of London Police is also aware of this problem and has produced a leaflet to provide advice to Hajj pilgrims and encourage victims of fraudulent traders to report the matter to the police. British Muslims alone collectively spend £125 million on the Hajj, but not everyone wins the right to make the journey.
According to the Association of British Travel Agents (ABTA), every year, around 25,000 pilgrims from the UK travel to Saudi Arabia for Hajj. ABTA has reported cases where individuals have paid for sub-standard or non-existent travel arrangements, resulting in financial losses of thousands of pounds for the victims. According to the statistics, during the last Hajj season before the COVID-19 pandemic, about two-thirds of the pilgrims to Mecca came from outside of the Saudi Arabian Kingdom. In 2023, the Hajj pilgrimage drew approximately 1.84 million pilgrims from around the world. This includes both Saudi Arabian and foreign pilgrims from a diverse range of countries, including the United States, European Union nations, and many other countries. The Hajj pilgrimage is a significant cultural and religious event, attracting millions of Muslims from across the globe each year.
These scams often involve fraudsters duping people into parting with personal information and money by encouraging them to follow links to fake websites. The scams can be particularly devastating, as individuals may lose their life savings or suffer significant financial losses. Fraudsters do not discriminate based on age, gender, or location. They target licensed travel companies and advertise fraudulent deals for Hajj tours. In some cases, these tours are sold at significantly discounted prices, but shortly before departure, the tour operator closes, leaving people without a tour and no way to get their money back.
Online Scams During Hajj Season
Common scams during the Hajj season include:
1. Fake Hajj pilgrimage agencies: Fraudsters set up fake travel agencies or websites offering attractive packages to entice people. These packages may be sold at significantly discounted prices, but the tour operator closes shortly before departure, leaving individuals without a tour and no way to get their money back.
2. Online registration scams: Scammers create fake websites or send out false invitations, duping people into providing personal information and money. They may encourage individuals to follow links to these fake websites, where they are tricked into making payments or sharing sensitive information.
3. Sub-standard or non-existent travel arrangements: Some individuals pay for travel arrangements that turn out to be sub-standard or, in the worst cases, non-existent. Victims may be left out of pocket by thousands of pounds.
4. Unlicensed or fraudulent travel companies: Organized crime groups target licensed travel companies and advertise fraudulent deals for Hajj tours. These deals may be sold at significantly lower prices, but the tour operator closes before departure, leaving individuals without a tour and no way to get their money back.
5. Social media scams: Scammers use social media platforms to promote fake Hajj packages and entice people with attractive offers. They take advantage of the high demand for pilgrimages and use social media to spread their scams.
Evolving Fraudulent Tactics for Identity Theft
In line with Vision 2030, the Ministry of Hajj and Umrah has launched a digital platform, Nusuk, to facilitate planning, booking, registration, and payment for Hajj and Umrah. This platform has significantly reduced the risk of fraud by travel agents, as it directly connects pilgrims with official Hajj operators and payments are routed through a government payment platform. At present, the platform serves pilgrims from Europe, the Americas, and Australia, while residents of other countries are required to register through Hajj missions in their respective countries. The Saudi government has launched an awareness campaign to protect aspiring pilgrims from falling prey to fraudulent schemes.
Resecurity has detected multiple fraudulent resources impersonating Nusuk, the official digital platform for Hajj and Umrah pilgrims. These fake resources are designed to trick consumers by mimicking official messaging on behalf of Saudi Arabia's leadership. The fraudsters are impersonating the country's leadership to increase trust in their fake resources, which are intended to collect sensitive information and facilitate fraudulent activities. It is essential for consumers to be aware of these fraudulent schemes and take necessary precautions to protect themselves.
Below are some snapshots captured from the fraudulent links that collect personally identifiable information (PII) under the guise of free Hajj applications. These links are designed to trick victims into sharing their sensitive information, which is then used to scam them or sold on the dark web.
The fraudulent links appear to be legitimate, but they are actually designed to collect sensitive information such as names, dates of birth, nationalities, and contact information. This information is then used by threat actors to commit identity theft, fraud, and other cybercrimes. It is essential for individuals to be aware of these types of scams and take necessary precautions to protect their personal data. The scammers also sell this stolen information on the dark web, where it is further used by threat actors for cybercrime purposes.
One of the fraudulent resources, registergov[.]com, has been identified by Resecurity as part of a larger identity theft campaign targeting consumers. The fraudsters aimed to imitate a government resource by using a similar design and style, along with copied text from the official ministry's website resources. This sophisticated approach was designed to deceive victims into sharing their personal information. The fraudulent resource was first detected in early May, and it is believed that it has been active since then.
To scale their operations and generate more damage to victims, the fraudsters asked victims to share the fraudulent resource with their contacts (at least 15 to be invited) and invite them to join. This tactic allowed them to reach a wider audience, increasing the likelihood of additional victims falling prey to their scheme. By spreading the fraudulent resource through social networks, the fraudsters were able to rapidly expand their operation and increase their potential for profit.
Generative AI and "Troll Factories"
These malicious campaigns are often disseminated through social media and WhatsApp groups, allowing fraudsters to gather as much Personally Identifiable Information (PII) as possible from victims. For example, consider the following social media posts and subsequent links that lead to fraudulent websites:
Notably, fraudsters were detected using generative AI to create convincing texts in Arabic, disseminating Hajj season-related messages. Generative AI is a type of artificial intelligence that can generate human-like content, including text, images, and audio. In this case, the fraudsters employed this technology to create deceptive messages that could be used to trick victims.
Fraudsters are increasingly using so-called "troll factories" to spread deceptive content on social media, often as part of their schemes to defraud individuals. A troll factory is a network of individuals who are hired to create and disseminate online content, often designed to deceive or manipulate. These factories can be used to spread fake news, propaganda, or other forms of deceptive information, with the goal of influencing public opinion or driving traffic to malicious websites.
In the context of fraud, troll factories can be used to create fake profiles, spread false information, or engage in other forms of online manipulation. For example, fraudsters may use troll factories to create fake reviews or testimonials for a product or service, or to spread false information about important events.
In a recent effort to combat fraud, Resecurity has identified and blocked over 630 accounts suspected of distributing fraudulent content targeting consumers preparing for Hajj season via social media. These accounts were allegedly distributing false information and scams related to Hajj travel, accommodation, and other services, with the intention of deceiving and defrauding individuals.
The blocked accounts were part of a larger investigation that aimed to uncover and disrupt fraudulent activities on social media. By taking swift action to identify and block these accounts, Resecurity has helped protect consumers from falling victim to these types of scams. This effort highlights the importance of collaboration between online platforms, law enforcement agencies and the private sector in fighting fraud and promoting online safety.
Financial Fraud and Payment Data Compromise
Despite the Ministry of Hajj's initiative to streamline the Hajj registration process through the Nusuk app, fraudulent campaigns continue to pose a threat. The threat intelligence team has identified a new phishing campaign in which a fraudulent website has been designed to impersonate the official website of the unified Hajj registration platform, Nusuk.
The phishing website, located at nusuksa[.]com, follows the same layout as the original website. However, when users access it, they are directed to a payment interception form, which is designed to steal sensitive information.
It is essential for individuals to exercise caution when using online services, especially during peak periods like Hajj season. It is crucial to verify the authenticity of websites and links before entering personal information or making payments.
The Resecurity team has successfully identified and blocked a resource that was collecting payment data from victims. Through their expertise, the team was able to pinpoint the resource and take swift action to prevent further unauthorized access. This achievement demonstrates the team's commitment to protecting individuals' sensitive information and maintaining online security.
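The advice above to verify a site's authenticity can be automated for triage. The following is an added example, not Resecurity's tooling: it compares hostnames against an allowlist on label boundaries and flags brand-keyword lookalikes such as nusuksa[.]com and registergov[.]com. The allowlist contents, keyword list, and function names are assumptions of this example.

```python
from urllib.parse import urlsplit

# Allowlist: only www.haj.gov.sa is named on the page; extend it with official
# domains you have verified yourself (assumption of this example).
OFFICIAL_DOMAINS = {"haj.gov.sa"}
# Brand and government-style keywords seen in the impersonating hostnames.
BRAND_KEYWORDS = ("nusuk", "haj", "gov")

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as nusuksa[.]com back into a hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

def hostname_of(indicator: str) -> str:
    text = refang(indicator.strip())
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as the netloc
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()

def is_official(host: str) -> bool:
    # Match on label boundaries (exact domain or a true subdomain), never by
    # substring: "haj.gov.sa.example.com" must not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify(indicator: str) -> str:
    host = hostname_of(indicator)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    if any(k in host for k in BRAND_KEYWORDS):
        return "lookalike"  # triage signal for review, not a verdict
    return "unknown"

# Constructed sample input: the official site and two indicators from the
# page, plus two made-up hosts on reserved example domains.
SAMPLES = [
    "https://www.haj.gov.sa/",
    "nusuksa[.]com",
    "registergov[.]com",
    "hxxps://haj.gov.sa.example[.]com/register",
    "example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

The fourth sample shows why substring checks fail: the official domain appears inside the hostname, yet the registrable domain belongs to someone else.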
Money Exchange Services Scams
As the Hajj season approaches, consumers are advised to be vigilant against online scams involving money exchange services. Scammers are using various tactics to deceive individuals, including fake offers, false promises, and manipulated exchange rates. These scams can result in significant financial losses for unsuspecting victims.
It is essential to be aware of the warning signs and red flags that indicate an online money exchange service is likely to be a scam. These may include unusual or unregistered websites, lack of transparency in their business practices, or unusually high exchange rates. To avoid falling victim to these scams, consumers should research reputable money exchange services, verify their credentials, and exercise extreme caution when transacting online.
Risk Mitigation
It is important to raise awareness about these scams and encourage victims to report incidents to the authorities to prevent others from falling victim to the same scams.
To protect themselves from online scams during the Hajj season, individuals should take precautions such as:
1. Using official ministry accounts: Only use official ministry accounts for registration and communication related to Hajj and Umrah pilgrimages.
2. Verifying legitimacy: Verify the legitimacy of travel arrangements and tour operators. Check whether the travel agency or tour operator is a member of a reputable organization such as the Association of British Travel Agents (ABTA), and ensure the travel company is ATOL protected.
3. Getting everything in writing: Ensure that all agreements, contracts, and receipts are provided in writing to have a record of the transaction.
4. Reporting fraudulent activities: If individuals suspect they have been targeted by an online scam, they should report the incident to the relevant authorities. In the UK, they can report it to Action Fraud or speak to a specialist adviser.
The number of reported Hajj fraud crimes is growing, with estimates suggesting that only around 3% of victims report the crimes to authorities. To report fraudulent activities, please share your information with the relevant authorities. You may also contact Resecurity at contact@resecurity.com, providing detailed information that will be used for further investigation and takedown.
Significance
Online scams targeting individuals planning to make the Hajj pilgrimage are a significant concern. In summary, fraudsters are known to increase their fraudulent activities during the Hajj season, targeting individuals who are making travel arrangements for the pilgrimage. These fraudsters employ various tactics, such as creating fake websites, offering discounted tours, and deceiving individuals into providing personal information and money. It is important for individuals to be cautious, verify the legitimacy of travel arrangements, and report any fraudulent activities to the authorities.