image

Hajj Pilgrimage Hit by Extensive Phishing and Data Theft Scams

Cybersecurity threats rise during this peak season as millions embark on the annual Hajj pilgrimage. This article offers crucial tips for pilgrims to safeguard themselves online while ensuring a safe and fulfilling Hajj experience.

Every year, millions of Muslims embark on the Hajj pilgrimage, a deeply spiritual journey, to Mecca, Saudi Arabia. However, the forever-widening scope of cybercrimes has made the event vulnerable to a range of cyber threats.

According to Resecurity’s cyber threat intelligence team’s research, shared exclusively with  Hackread.com ahead of its publication, this year’s Hajj season is marred with an extensive range of frauds and scams. 

The pilgrimage involves a multitude of logistical steps, from booking travel and accommodation to managing finances and staying connected with loved ones, for which pilgrims typically rely heavily on mobile apps and websites. 

This reliance can expose them to frauds like fake travel agencies, online registration scams, sub-standard travel arrangements, and unlicensed travel companies created by organized crime groups, etc. The Association of British Travel Agents (ABTA) reports cases where individuals paid for sub-standard or non-existent travel arrangements, resulting in financial losses for victims.

These scams often involve fake websites or invitations, duping people into providing personal information and money. Scammers also use social media platforms to promote fake Hajj packages and entice people with attractive offers, ultimately leaving individuals without a tour and no way to recover their money.

According to Rsecurity’s blog post, researchers found that a fraudulent website Registergovcom was part of a larger identity theft campaign, which involved several fake websites disguised as free Hajj applications, tricking victims into sharing sensitive data. The information is used by threat actors for identity theft, fraud, and other cybercrime.

Moreover, Saudi Arabia’s official digital platform, Nusuk, launched to facilitate secure planning, booking, registration, and payment for Hajj and Umrah, is also exploited by cybercriminals. One of the phishing campaigns involving a fake site nusuksacom was found redirecting users to a payment interception form, stealing sensitive information. 

In addition, scammers are using generative AI and Troll Factories to spread deceptive content on social media and defraud individuals. Resecurity has blocked over 630 accounts suspected of distributing fraudulent content targeting individuals preparing for Hajj season. The team also successfully blocked a resource collecting payment data.

Researchers call for stronger collaboration between platforms, law enforcement, and the private sector as Hajj approaches. Consumers are advised to be vigilant against online scams involving money exchange services, which can result in significant financial losses. To avoid falling victim to these scams, do your research on reputable services, verify their credentials, and exercise caution online.