Cyber scams in the Middle East

Citizens across the Middle East are among the most active users of social media platforms in the world. Countries such as Saudi Arabia and the UAE often top the charts in terms of social media adoption and engagement, fuelled by high rates of smartphone ownership, fast-paced growth of internet penetration, and a large youth population.

A survey of seven Arab nations in 2018 revealed that WhatsApp is the most popular social media platform in the Middle East, followed by Facebook and Instagram.

Despite the region’s uneasy relationship with some messaging services, including WhatsApp and Facebook Messenger, they have become an indispensable part of the daily lives of over two-thirds of the residents. In the UAE alone, WhatsApp has 7.84 million users – some 83% of the country’s population. The rise in the app’s popularity has made it the de facto channel of communication between citizens and businesses, as well as some government agencies.

Facebook, in turn, has become a top source for daily news among young Arabs. According to the Arab Youth Survey published earlier this year, Facebook is the preferred news source, overtaking television, newspapers and online news websites. The report revealed that the region’s young people trust what they read on Facebook more than what they watch on mainstream news channels. This could be attributed both to the major role played by the platform during the Arab Spring, and to regional governments’ continued control of traditional media.

As the prominence of the Internet continues to flourish, so too have criminal activities. A recent survey of over 1,300 CEOs around the world highlighted cyber-crime as one of the top concerns in the Middle East, while a report on the economic impact of cybercrime listed the UAE as the second most targeted country in the world, costing it an estimated $1.4bn per year.

Meanwhile, a separate study in 2017 found that victims of cybercrime in the UAE spend on average nearly 48 hours dealing with the aftermath, over double the global average of 23.6 hours.

Social media platforms in particular have become a breeding ground for fraud. The methods used by scammers are constantly evolving as they continue to roam popular platforms in search of vulnerable users in the region: whether to trick people out of money or to harvest their personal data, social media scams are resulting in significant financial and emotional harm, as well as a loss of trust.

Consumers International published an interesting paper on social media scams in May 2019.

We have included some of their scam categories in our examples below.

Cryptocurrency fraud: users are lured into investing in cryptocurrencies. Earlier this year, for instance, it was reported that Facebook had taken down a page promoting a fraudulent bitcoin scheme targeting UAE residents. Scammers exploited the Facebook ads feature to direct people to a fake story claiming that the Crown Prince of Abu Dhabi had personally endorsed a scheme that cost Dh918 ($250) to join, and was guaranteed to make participants “rich in seven days”. The post was shared over 5,000 times and garnered more than 8,000 comments, in which many users disclosed their personal information.

Cash grabs: this scam involves a scammer managing to hijack a social media or email account and using it to send messages asking for money to the victim’s friends and contacts. Examples are shown in the images below. In them fraudsters requested money from the targets after obtaining access to their friends’ WhatsApp accounts. In the first conversation the victim is asked to transfer money on behalf of their busy “friend” who promises to pay back as soon as possible. Meanwhile, in the second conversation, the “friend” is unable to make a purchase online and is asking the victim to send a picture of their credit card while promising to pay them back the following day. The UAE’s Telecommunications Regulatory Authority, in an effort to raise awareness, produced a video telling the story of someone who fell for this type of scam sending over Dh50,000 ($13,600) to a “friend stranded in London.”

 

blog

Fake giveaways and job offers: posts claiming to be made from a legitimate business will contain links to fake prizes and deals, or even job offers. Scammers can then harvest personal information or use Facebook ‘likes’ to build up a list of followers who will be in turn be spammed with further scams. Fraudsters posing as Emirates Airlines, for instance, used WhatsApp and other social media networks to ask people to take part in a competition to win 500 tickets. Clicking and following those messages could have led users to lose their personal and financial information and to have their devices compromised. Another example of this scam is shown in the image below where fake job openings in the Saudi Government are sent over WhatsApp with suspicious links.

blog2

Catfishing: users are contacted by fraudsters using fake profiles and then lured into an online relationship. After building up trust, victims are asked to transfer money, share personal details, or send compromising photos. Facebook and Twitter users in Saudi Arabia and the UAE have regularly complained about being victims of fake matchmaker profiles.

blog3-2

Clickbait: this involves the use of social media posts often referring to celebrities or news stories. A victim who clicks on the link may be led to an external website which downloads malware onto their computer. The image below shows examples of tweets used to promote suspicious URLs disguised as links to a news story about a multi-vehicle crash in Kuwait.

blog4-2

Other common scamming techniques include subscription traps where users are tricked into signing up for a product or service which they never receive yet are charged for; and membership scams through which users are invited to join a bogus group or fan page that requires them to share personal information or pay to use.

The popularity of social media in the Middle East, coupled with the increasing threat of online scams, underscores the need for tech companies to implement safeguards to protect users. Advanced algorithms can automatically identify and block malicious posts, while awareness campaigns help educate vulnerable users avoid the myriad of scams online. Cyjax bolsters these safeguards by alerting clients to emerging threats on the horizon, ensuring that their employees remain informed and protected.