From April 1 till May 1 Muslims around the world celebrate a big holiday of Ramadan. During this month, various good deeds and all kinds of charity are encouraged in every possible way. This can often be used by attackers by creating various phishing sites or other ways to steal money or personal data.
Kaspersky specialists have studied the situation and revealed various methods of fraud.
Specific types of scam
Since Muslims are now having a Ramadan holiday, scammers are taking advantage of the situation and trying to lure money from users focusing on charity. The example below shows that fraudsters, under the guise of food boxes, are trying to lure users to a phishing site. This is not an ordinary scam, when visitors are promised money or any gadgets like iPhone. For disguise, the attackers used the theme of the Ramadan to lull the audience’s vigilance.
Another example is the greeting cards that users can send to each other on various occasions. Fraudsters can use such cards for several purposes. For example, to collect contacts, further send phishing content and increase the number of visits to the site.
“It is no surprise that criminals are trying to take advantage of Ramadan for their financial gain by tricking people who are eager to help and donate during the holy month. We’ve already seen several examples of how criminals use different tactics to steal their victim’s sensitive information or credit card details. While we encourage people to donate to the people in need, we also urge them to be extremely cautious and only donate to trusted sources”. Said Tatyana Shcherbakova, Security Expert at Kaspersky.
General types of fraud
However, in addition to themed postcards and Ramadan charity scams, Kaspersky experts have found more traditional forms of fraud. For example, below is a classic example of a scam where fraudsters promise users 100GB free if they follow the link and sign up. To make the page more credible, there are also some comments from already “registered users”. Another similar example is a fraudulent site on behalf of Amazon, where visitors only need to answer a couple of questions to receive a prize.
In such scam cases, fraudsters usually try to get personal or financial data as well as ask users to share the link with contacts in messengers. Besides, scammers can redirect users to other scam or phishing web sites, but with different content. So, users often have to go through the scheme several times: a survey – share contacts on different sites before they are asked to enter banking information.