Table of Contents
Group-IB, the Singapore-based cybersecurity firm, yesterday released a new report describing in detail a new fraud campaign in course against Arabic speakers in job seeker in Middle East and North Africa region.
Digital risk protection experts at Group-IP’s Threat Intelligence and Research Center in Dubai, UAE discovered and analyzed more than 2,400 job posting pages false posing as companies from 13 countries within the MENA region, created on social network from January 2022 to January 2023.
On these pages, scammers impersonate more than 40 large companies in the region and post job offers in Arab who offer fantastic salaries; It is a social engineering ploy aimed at making the victims interact with the post with the aim of stealing the user’s account credentials on the social network.
To achieve this, scammers embed links to fraudulent sites through post on false pages of social media.
These scam sites are usually linked to phishing pages in where the victim is asked to enter their credentials and password. Group-IP analysts also revealed that scammers often impersonate companies from Egypt, Saudi Arabia and Algeria for the duration of this scam campaign.
To investigate this fraud campaign, Group-IP analysts used the company’s digital risk protection platform, which uses artificial intelligence technology, high-resolution image analysis and text recognition capabilities text to identify fraudulent sites.
Additionally, this scam exclusively targets individuals, many of whom will be unaware that their accounts have been hacked, limiting Group-IP’s view of the scope of this campaign. Despite this, Group-IP’s digital risk protection researchers will continue to monitor this scam and will work to ensure that any pages impersonating the affected companies are removed.
Eliminate fraudulent campaigns
This scam campaign has been notable due to the amount of pages false created and the large number of countries targeted. In all, Group-IP’s digital risk protection experts discovered more than 2,400 pages impersonating more than 40 major brands in the Middle East and North Africa region.
This campaign also targeted Arabic speakers only, as all ads ran in Arabic. And the companies in Egypt were the companies most impersonated by scammers, as Egypt accounted for 48% of the pages false created on Facebook. And 23 percent of organizations and businesses are located in the Kingdom of Saudi Arabia, followed by Algeria with 16 percent, then Tunisia with 7 percent, then Morocco with 4 percent.
In terms of time period, this scam campaign was first noticed in January 2022 and peaked in August when 609 new scam pages were created. New scam pages continue to be created every day, and in January 2023, 108 Facebook pages were discovered posting job vacancies false for businesses located in the Middle East and Africa region, more than the number of pages created in November and December 2022.
Group-IP researchers analyzed the fake job vacancies and found that many of them claim to offer too good wages for low-level jobs. media qualification to be true and are a way to attract victims. A page impersonating a well-known oil company in Algeria also said it was offering monthly salaries of 4,500 euros ($4,800) to drivers and painters. Other pages advertise more realistic salaries, with one profile posing as a Saudi dairy company saying workers can expect to earn over 3,500 Saudi riyals (about $930).
The actors in this particular campaign focused their attention on multiple sectors, however, the logistics sector was the most targeted sector, as Group-IP found that 64% of fraudulent pages impersonating companies operating in this sector.
As noted in Previously from Group-IP, scammers targeting users in the Middle East and Africa region are particularly fond of impersonating logistics organizations due to the potential high return on investment. While 20 percent of scam pages impersonated food and beverage companies, 12 percent impersonated oil companies.
He also impersonated a specific company on more than 1,000 pages false. Another major target of this campaign was a dairy farm in Saudi Arabia and an Algerian logistics firm, whose trademarks were used on more than 200 and 300 pages respectively.
Some of the identified pages in this scam they also claimed to offer jobs to people for FIFA World Cup 2022 in Qatar. At the end of last year, expert digital protection researchers from Group-IP, who have been involved in international law enforcement efforts to protect the digital space around the tournament, published their conclusions on the results of their research on counterfeit goods, counterfeit tickets and counterfeit jobs Scams targeting the 2022 Qatar World Cup, which included the discovery of more than 16,000 fraudulent websites.
Convincing users to sign up for the fake campaign
The success of any fraud campaign depends on the threat actors’ ability to impersonate in convincing way a company. In this scam scheme, the vast majority of Facebook pages false it showed the official name of the affected brand. Most of these accounts had the word “jobs” (vacancy) in the title.
THE post on such pages they are distinguished by eye-catching text, which usually states that the company in issue is urgently hiring for a number of positions. Fraudsters often attempt to generate a false sense of urgency to urge victims to take action without assessing whether or not the opportunity they are interacting with is real. In this case, taking action means clicking on the scam page link in the post of Facebook.
These scam pages are often very simple and contain only a “Register Now” button. Above all, they contain the branding of the company in question, along with a description of the jobs they claim to be advertisements. After the victim clicks the “Register Now” button, they are often redirected to a phishing page posing as a social network like Facebook.
If the user enters their email or phone number and password, the scammers have everything they need to access the victim’s account on the scammers’ platform. social media. In rare cases, scam web pages are used to redirect users to other scam pages.
In this context, Sherif Helal, Head of Risk Protection Analytics in the Middle East and North Africa region at Group-IP, he said: “This fraud campaign is important because it targets individual Internet users in Middle East and North Africa via a Facebook platform, which is a social network very popular in the region. Group-IP’s digital risk protection researchers also identified cases of fraud using the same tactics and tools to lure victims in previously, and we will continue to build on this experience, using Group-IP technology to detect and remove “Fraudulent Websites” to ensure the digital safety of businesses and Internet users. Through this research, we hope to raise awareness in the Middle East region and Africa about the tricks scammers use, like targeting people in job seekers, to steal their data and potentially cause them financial loss.”
Data theft exposes victims to great risk if they use the same username and password for accounts on other platforms. Especially those related to personal financial affairs, such as: cryptocurrency wallets and investment wallets. Also, Group-IP experts have found cases in where scammers have used compromised accounts to share scam and phishing links with other users, and threat actors can also demand money from the victim to recover the account. This caused the targeted companies and brands to risk the company’s reputation.
The IB Group urges Internet users to exercise caution and always check the URL when following links purporting to lead to the company’s website, especially if these links are accessed on social media or sent via chat.
Also, users need to enable two-factor authentication for their accounts online to provide an extra layer of security in able to prevent such fraud and must also ensure that they do not use the same password for multiple accounts. He advises companies to use DRP solutions to monitor for signs of brand abuse online and immediately detect and block any threats that could lead to fraud.