Cybercriminals are targeting shoppers in the Middle East with Ramadan-themed offers, which they use to access computers and steal money, online security experts are warning.
Researchers point to increasingly cunning methods used by criminals to defraud victims by outsmarting standard security protocols.
There are also warnings about bogus charities looking for donations during the time of giving for Muslims.
Security firm CloudSEK said it has uncovered a stealth malware campaign targeting shoppers in the Middle East during Ramadan, taking advantage of one of the region’s busiest shopping periods.
It impersonates a Ramadan offer linked to coupon finder AlCoupon and names popular retail brands such as Hyper One, Carrefour Saudi and Metro.
The malicious document promises discounts and a Ramadan basket worth 2,000 Egyptian pounds ($38), but once opened launches a hidden infection designed to avoid detection.
CloudSEK says the messages, written in Arabic, use Ramadan-themed references to familiar retail brands. The campaign also uses the promo code RAMADAN25 to appear legitimate.
Ayush Panwar, a threat intelligence researcher with the Indian company, told The National that the fake coupons are sent to the potential victim via email to a Windows PC.
“In order to get them to download the malware, a message box says that the coupon is created using an earlier version of Word and to see the content they need to click ‘enable editing’ and then ‘enable content’,” explained Mr Panwar.

“The background showing the actual coupon will be blurred but once you click on that then it will begin running the malware in the background,” he said.
“At that point the malware will take control of your computer without you noticing and swipe your passwords for your bank account or Bitcoin wallet for example.
“This campaign shows how threat actors are adapting their tactics to local behaviour, seasonal trust and consumer habits.”
He advised anyone who sees any similar documents pop up in their email to “be cautious and be paranoid that everything can be scam”.
Resecurity, a California-based cybersecurity firm with offices in the Middle East, told The National that the findings of research it conducted into scams around Ramadan and Eid Al Fitr last year are still applicable.
During the month of Ramadan, Resecurity said it has seen “a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions”.
The estimated cost impact of these activities ranges between $70 million and $100 million, with expatriates, residents and foreign visitors all among the victims.
Resecurity says the cybercrime it has seen centres around victims being lured by WhatsApp or Telegram messages.
Fraud activity includes cryptocurrency scams, appeals for donations from fake charities, fraudulent investments and fake job scams. There are also romance scams and blackmail attempts.
Resecurity noted a rising trend in Ramadan scams involving bogus notifications from well-known shipping companies, such as Aramex, SMSA Express, and Zajil Express.
Text messages falsely claim that a parcel delivery is pending due to unpaid fees, urging the recipient to make an immediate payment.
This method is designed to trick individuals into believing they owe money for a delivery, prompting a quick response, says Resecurity.



