Cyber criminals have impersonated a “leading” recruitment firm in Saudi Arabia in a bid to break into people’s bank accounts and steal money, a cyber security firm said on Wednesday.
Group-IB found that scammers created more than 1,000 fake versions of the Saudi company’s websites, to lure in people looking for domestic staff, such as cleaners, via ads for the website on sites like Facebook. The company targeted by the criminals was not named.
After people applied to hire the domestic workers on one of the fake websites, they were asked to pay a “small processing fee” of approximately $13 or $27, Group-IB said. Although this transaction never took place, it allowed scammers to harvest their bank details for their own use.
The scam began in April 2021, and “appeared to peak in March 2022.”
“Group-IB analysts believe that the surge in new domains registered in early 2022 could be a sign that a growing number of internet users had fallen victim to this scheme,” the cyber security group said.
“The driving factor for this scam scheme is an unholy alliance between scammers and spoof domain brokers,” Group-IB said.
Spoof domain brokers are people selling fake websites and web address to scammers, a spokesperson for the company told Al Arabiya English. One of the brokers in particular was found to be selling more than 100 fake URLs that resembled that of the Saudi recruitment firm.
Group-IB also revealed in July that cybercriminals had launched a widescale phishing campaign targeting users in the Middle East, identifying more than 270 domains posing as well-known postal service brands.
Analysts at the company identified more than 400 domains impersonating global brands as part of this phishing campaign, with more than half of which were intended to target users in the Middle East.
Saudi Arabia has famously been a target for cybercriminals with the infamous hacking of oil giant Aramco in 2012, in one of the world’s biggest cyberattacks to date. A group called Cutting Sword of Justice claimed responsibility for the attack which damaged around 30,000 computers with the aim of stopping oil and gas production.