Group-IB uncovers a mobile Ramadan-related scam

Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announces today that its Cybersecurity Emergency Response Team (CERT-GIB) has uncovered a Ramadan-related scam targeting Muslims worldwide. During its investigation, CERT-GIB found that the scammers had registered 375 unique domains, mainly in the top-level domains .top, .shop, .xyz, between August 2022 and April 2024 which were dormant and had no prior content, indicating a long-term strategy to execute this scam during Ramadan. Operating under the guise of offering 60 GB of free mobile internet data at 5G speeds across a variety of telecommunications operators, the scammers aim to collect personal data and redistribute traffic further to dubious sites involving online casinos, and investment scam sites.

Screenshot of just one of the 375 web pages created by scammers targeting Muslims celebrating Ramadan.

With a focus on creating a sense of urgency and trust, the scammers lure victims with promises of generous internet data gifts. The scam employs social engineering tactics, leveraging cultural symbols such as those associated with Ramadan, as well as comments made by other “users” about receiving their gifts, to appear legitimate and trustworthy.

While the overall structure of the scheme resembles past scams involving quizzes and questionnaires, this iteration introduces novel elements. Instead of monetary promises, victims are enticed with specific offers of mobile data. Furthermore, redirections may lead victims to investment scam websites, adding another layer of complexity to the scheme.

The scam also employs various social engineering techniques, including creating a sense of exclusivity and urgency. Victims are encouraged to share the scam link with their contacts on WhatsApp within a limited timeframe, exploiting trust and pressure to act quickly. However, despite completing multiple steps and receiving praise along the way, victims ultimately do not receive the promised gifts. Instead, they may be directed to fill out questionnaires or provide personal information, leading to investment scam pages where they may be coerced into making deposits.

“As we continue to monitor and analyze these threats, we wish to caution everyone to be more cautious, especially during festive and cultural celebrations. By leveraging cultural symbols and social engineering tactics, these fraudsters prey on trust and urgency, ultimately leading unsuspecting victims into a web of deception. We urge users to exercise caution and verify the legitimacy of offers before sharing personal information online.”

Vladimir Kalugin

Operations Director, Digital Risk Protection (DRP) / CERT at Group-IB

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB uncovers a Ramadan-related scam targeting Muslim mobile users worldwide