As millions of Muslims prepare for the annual Hajj pilgrimage to Mecca, cybersecurity threats are on the rise. According to Resecurity’s cyber threat intelligence team, this year’s Hajj season is plagued with a variety of scams and frauds targeting unsuspecting pilgrims. These scams include fake travel agencies, fraudulent online registration sites, sub-standard travel arrangements, and unlicensed travel companies created by organized crime groups. The reliance on mobile apps and websites for logistical needs, such as booking travel and accommodation and managing finances, makes pilgrims particularly vulnerable to these cyber threats.
Fraudsters use fake websites and social media platforms to promote bogus Hajj packages, tricking individuals into providing sensitive information and money. One notable example is the fraudulent website Registergovcom, part of an identity theft campaign involving multiple fake websites posing as free Hajj applications. These scams result in significant financial losses and personal data breaches for victims.
Additionally, Saudi Arabia’s official digital platform, Nusuk, designed to facilitate secure Hajj planning and registration, has been exploited by cybercriminals. Phishing campaigns involving fake sites like nusuksacom redirect users to malicious payment interception forms, stealing sensitive information. Resecurity has identified and blocked over 630 accounts suspected of distributing fraudulent content targeting Hajj pilgrims, and a resource collecting payment data was also blocked.
To combat these threats, researchers are calling for stronger collaboration between digital platforms, law enforcement, and the private sector. Pilgrims are advised to exercise caution, thoroughly research reputable services, verify credentials, and remain vigilant against online scams, particularly those involving money exchange services.
Reference:
