🚀 لقد رفعت CloudSek جولة B1 من السلسلة B1 بقيمة 19 مليون دولار - تعزيز مستقبل الأمن السيبراني التنبؤي
اقرأ المزيد
Executive Summary
Ramadan is a time of reflection, generosity, and heightened charitable giving. However, cybercriminals are exploiting this sacred period to launch targeted crypto scams, preying on the goodwill of individuals and organizations. From fraudulent donation requests to spreading crypto token investment schemes, these scams leverage social engineering and trust to deceive victims into transferring their digital assets.
This report examines the rising trend of Ramadan-related crypto, e-commerce and donation scams, uncovering the techniques used by cybercriminals, their impact on victims, and best practices for staying secure and making awareness and vigilance more crucial than ever.
Analysis
Lure of Free Crypto - leading to Wallet Draining
As Ramadan approaches, millions worldwide engage in charity, gifting, and financial transactions. Cybercriminals exploit this generosity by launching deceptive schemes disguised as giveaways and airdrops.
Wallet Draining, with Task based Incentives
An interesting website that we would like to highlight for this case, is one that has sprouted in recent days titled “RamadanAI”, has been created in recent days, promising users prizes of value worth 0.03 and 0.10 Solana, after connecting their Phantom Wallet and carrying out quests to earn Solana.
This is done, while additionally promoting a new token on the Solana Platform, incidentally named ‘Ramadan Ai’, which currently has a low value. This is probably because of the token’s infancy on the market. Changes to the token’s value within 24 hours indicates low trading activity and a sharp fall-off (possible whale sell-off or low liquidity impact).
At the time of publishing this blog, the token had been discontinued.
How Victims Fall for the Scam and the Exploitation of Religion
1. The Illusion of “Earn While You Worship”
This scam capitalizes on religious devotion by blending spirituality with financial incentives. It presents users with a gamified reward system, encouraging them to complete faith-based actions — such as prayer, Quran recitation, and sharing religious quotes, under the guise of earning cryptocurrency.
2. Psychological Manipulation and Social Proof
The task-based system encourages users to take small, seemingly harmless actions—like following an account or tweeting a Ramadan quote, before escalating to more dangerous actions, such as connecting their crypto wallets.
The social engagement aspect (tweeting or following an account) also helps the scam gain visibility, making it seem more legitimate as more people unknowingly promote it.
3. The Wallet Connection Trap
Ultimately, to “receive” the promised SOL rewards, users are likely asked to connect their crypto wallets. This step is where the real attack happens:
- Malicious smart contracts can drain users’ funds once connected.
- Phishing attempts may request private keys or seed phrases under the pretense of “verifying transactions.”
- Approval scams trick users into unknowingly granting unlimited spending access to the scammers.
To further lend an air of legitimacy to the entire proceedings, a Gitbooks page was discovered with documentation, under the guise of a Whitepaper on the token
Promotion of New Ramadan-themed tokens on X
In recent days, a handful of accounts have been created on X (formerly Twitter) to boost promotion of Ramadan based crypto tokens. A cursory search revealed over 15 recently created Twitter accounts engaging in the practice. They are namely:-
- $RMDN - https://x.com/RamadanSolana/
- $RAMADAN - https://x.com/sali_sami7/
- $RMD - https://x.com/RCoin7470
- $SABR - https://x.com/RamadaanCoin
- $DOZERAMZAN - https://x.com/DogeRamzan
Gauging Engagement - These giveaways often gauge engagement from users by inviting them to follow, comment or join associated Telegram channels. This has been observed to be a common occurrence on Twitter since 2024.
Leveraging Legitimacy - As evidenced by the screenshots below, the accounts running token promotions have the ‘Verified Tick’ associated with the profiles. These can be purchased from as low as USD 6.51 per month, as per revised account upgrade policies. As these are typically (in the public sense) associated with accounts spreading trustworthy content, people can be duped into this illusion. The posts are usually associated with a wallet/contract address for making transactions.
Need for regulations - The rapid rise of memecoins and fake tokens, often created under the guise of supporting a cause, highlights a significant regulatory gap in the crypto space. Unlike traditional financial instruments, these tokens can be launched with little to no oversight, allowing bad actors to exploit public sentiment for profit. The absence of stringent regulations means that anyone can generate a token, promote it through social media hype, and lure investors with promises of giveaways or charitable donations—many of which never materialize.
Though these are tokens that are being promoted during this holy month, they should be made aware of in the public domain so that uninformed citizens can prevent falling into pitfalls, with unwise investment ventures
Token Analysis
Based on those available on the cryptocurrency network and keeping factors such as liquidity and token age in mind, a few risky tokens could be flagged:-
Takeaways from the table:-
- Tokens with "Low" or "Low-Medium" Liquidity:
- High slippage – Large trades may cause extreme price swings.
- Difficult to sell – If buyers are not available, you may be stuck with the token.
- Potential exit scam risk – If the team decides to pull liquidity, the token value can drop to zero instantly.
- Tokens with No Liquidity Lock:
- Rug pull potential – The project owner can remove liquidity anytime, making the token worthless.
- Possibility of Pump & Dump – Unlocked liquidity allows whales to manipulate the price.
Propagation of Untrustworthy Links to offer Zakat
A recent case involved a fake online advertisement falsely claiming to provide SGD 1,000 in financial aid through the Islamic Religious Council of Singapore (Muis). The scam lures victims into submitting their personal details via an application form, potentially leading to identity theft and financial fraud. This was later clarified by the religious society as a faux charity assistance drive.
Ramadan Giveaways
Found to be circulating within the first few days of Ramadan was a data pack giveaway for phone users. Under the illusion of a data pack giveaway between 50 GB and 100 GB, over 50 primary domains with the (.top and .xyz) TLD’s were found to be registered and associated with the campaign. These were then circulated across Facebook. The campaign is centered around Philippines and the Middle East (a list of affected telecom companies have been provided below).
When clicking on the distributed links, the user is met with a 404 ‘Not Found’ page. Tinkering with the collected pages by using a proxy service, a php page was found, having JavaScript that helps in evading detection.
- This condition checks:
- If the system is Windows (win), macOS (max), or Linux/Unix (x11).
- If the screen’s available width is greater than its height (window.screen.availWidth > window.screen.availHeight), which suggests a desktop environment (as mobile screens are typically taller than wide).
- Sets the href attribute to the endpoint '/emit/404/p' which displays the 404 Not Found page, for desktop users.
- Programmatically "clicks" the link to navigate to this endpoint.
Using the cues from the .php file, the user agent was adjusted accordingly, to reveal the following page:
As observed from the screenshots, the domain appears to the user in the form of an interactive Facebook post, with the comment and reaction features replicated. A list of suspect domains have been provided i the Appendix section of this Intelligence report (Tables 2 and 3)
The interaction begins by the user requiring to enter their phone number (which is not validated), and requiring to spam the Whatsapp and Messenger share buttons, until the progress bar reaches 100%
As part of verification, 3 more verification buttons are displayed, and eventually redirects the user from v3.takeverify.com to amazon.com.
Questionnaire based giveaways target Milo Drink Customers
On March 10, Nestlé Malaysia issued a warning regarding a fraudulent MILO Ramadan Contest that was being circulated online. The fake context uses engagement and involves fake posts offering cash prizes in exchange for completing a questionnaire. The company, through a public statement clarified that the contest is not affiliated with MILO or Nestlé and urged consumers to verify such promotions only through official Channels.
This is keeping in mind that Milo was targeted in a similar scam orchestration during the month of Ramadan in 2023, when a similar Questionnaire was floated around, offering cash prizes.
With the cases seen so far, Fake giveaways, especially during Ramadan, can significantly damage a brand's reputation by eroding consumer trust. When scammers exploit a brand’s name to deceive users, customers may associate the company with fraudulent activities, even if it is not at fault. This can lead to negative publicity, loss of customer confidence, and potential financial consequences as brands need to invest in damage control and public awareness campaigns.
E-Commerce during Holy Month: Sales with a Catch
Typical of this time of the year are clusters of fake E-Commerce websites that get created at mass and those that have an ulterior motive beyond the shopfront. Instagram Pages, offering too-good-to-be-true deals come into the mix during this holy month
Scammers leverage the lure of fake discounts, deceptive offers, and counterfeit product listings to lure unsuspecting customers into fraudulent transactions, leading to false hopes. Fake listings of luxury goods have been subjected to similar deceptive practices in the past. A couple of potentially suspicious domains have been included in the Appendix section of this Intelligence report.
On March 5, the news outlet GD News reported occurrences where scammers are exploiting Ramadan shoppers by advertising discounted abayas on social media platforms and fraudulent websites. These were in turn flagged from fake Instagram accounts selling them, by Bahrain’s General Directorate of Anti-Corruption and Economic and Electronic Security.
These listings attract buyers with too-good-to-be-true offers, claiming to sell premium abayas at significantly reduced prices. However, once payments are made, victims either receive substandard or counterfeit products or, in many cases, nothing at all.
Conclusion
The rise in scams during Ramadan highlights the ever-evolving tactics of cybercriminals who exploit religious generosity and the festive shopping rush for financial gain. From fake Zakat assistance programs to fraudulent giveaways, these scams target individuals’ trust, leading to significant financial and personal losses.
The increasing sophistication of these frauds calls for a proactive approach, combining public awareness, stronger cybersecurity measures, and collaboration between financial institutions, retailers, and law enforcement. By staying informed, verifying sources, and adopting secure online practices, individuals can better protect themselves from falling victim to these deceptive schemes
Mitigation
- Avoid clicking on links from unknown emails, SMS, or social media ads claiming exclusive Ramadan discounts, giveaways or financial aid. Be cautious of unrealistic discounts and suspicious retail listings on social media
- In these times, it is advised to be more vigilant than ever about being charitable. Please conduct proper checks and donate to trustworthy charitable organizations or donate in-person
- Be cautious of crypto-based donation campaigns promoted on social media or messaging apps, especially those promising high returns or anonymous donations.
References
- *Intelligence source and information reliability - Wikipedia
- #Traffic Light Protocol - Wikipedia
- Scammers take advantage of Ramadan as online transactions spike - Cyberdaily.au
- Online abaya sales scam alert - GD News
Appendix
