Adversary Intelligence
5
mins read

Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations

Ramadan is a time of reflection, charity, and community spirit, but cybercriminals are turning this season of giving into a playground for deception. From fraudulent donation campaigns to fake crypto giveaways, scammers are preying on goodwill, manipulating emotions, and using social proof to trick unsuspecting victims into parting with their digital assets. This advisory exposes the latest trends in Ramadan-themed scams, including wallet-draining schemes disguised as religious incentives, the rise of deceptive crypto tokens, and fake e-commerce sales targeting festive shoppers. With cybercriminals leveraging social media verification badges, AI-generated promotions, and complex psychological tricks, staying vigilant has never been more crucial. Learn how these scams work, who they target, and—most importantly—how to protect yourself and your loved ones from falling victim. Read the full report to uncover the hidden dangers lurking in your inbox, on your favorite social media platforms, and even in the name of charity.

Noel Varghese
March 13, 2025
Green Alert
Last Update posted on
March 13, 2025
Proactive Monitoring of the Dark Web for your organization.

Proactively monitor and defend your organization against threats from the dark web with CloudSEK XVigil.

Schedule a Demo
Table of Contents
Author(s)
No items found.

Executive Summary

Ramadan is a time of reflection, generosity, and heightened charitable giving. However, cybercriminals are exploiting this sacred period to launch targeted crypto scams, preying on the goodwill of individuals and organizations. From fraudulent donation requests to spreading crypto token investment schemes, these scams leverage social engineering and trust to deceive victims into transferring their digital assets.

This report examines the rising trend of Ramadan-related crypto, e-commerce and donation scams, uncovering the techniques used by cybercriminals, their impact on victims, and best practices for staying secure and making awareness and vigilance more crucial than ever.

Analysis

Lure of Free Crypto - leading to Wallet Draining

As Ramadan approaches, millions worldwide engage in charity, gifting, and financial transactions. Cybercriminals exploit this generosity by launching deceptive schemes disguised as giveaways and airdrops. 

Wallet Draining, with Task based Incentives

An interesting website that we would like to highlight for this case, is one that has sprouted in recent days titled “RamadanAI”, has been created in recent days, promising users prizes of value worth 0.03 and 0.10 Solana, after connecting their Phantom Wallet and carrying out quests to earn Solana.

Figure 1 -  Homepage of Ramadan AI

 Figure 2 -   Quest based giveaway

This is done, while additionally promoting a new token on the Solana Platform, incidentally named ‘Ramadan Ai’, which currently has a low value. This is probably because of the token’s infancy on the market. Changes to the token’s value within 24 hours indicates low trading activity and a sharp fall-off (possible whale sell-off or low liquidity impact).

Figure 3 -   $RMDN’s performance on the Solana Platform

At the time of publishing this blog, the token had been discontinued.

How Victims Fall for the Scam and the Exploitation of Religion

1. The Illusion of “Earn While You Worship”

This scam capitalizes on religious devotion by blending spirituality with financial incentives. It presents users with a gamified reward system, encouraging them to complete faith-based actions — such as prayer, Quran recitation, and sharing religious quotes, under the guise of earning cryptocurrency. 

2. Psychological Manipulation and Social Proof

The task-based system encourages users to take small, seemingly harmless actions—like following an account or tweeting a Ramadan quote, before escalating to more dangerous actions, such as connecting their crypto wallets.

The social engagement aspect (tweeting or following an account) also helps the scam gain visibility, making it seem more legitimate as more people unknowingly promote it.

3. The Wallet Connection Trap

Ultimately, to “receive” the promised SOL rewards, users are likely asked to connect their crypto wallets. This step is where the real attack happens:

  • Malicious smart contracts can drain users’ funds once connected.
  • Phishing attempts may request private keys or seed phrases under the pretense of “verifying transactions.”
  • Approval scams trick users into unknowingly granting unlimited spending access to the scammers.

To further lend an air of legitimacy to the entire proceedings, a Gitbooks page was discovered with documentation, under the guise of a Whitepaper on the token 

Figure 4 -  Screengrab detailing specifics of the token

Promotion of New Ramadan-themed tokens on X

In recent days, a handful of accounts have been created on X (formerly Twitter) to boost promotion of Ramadan based crypto tokens. A cursory search revealed over 15 recently created Twitter accounts engaging in the practice. They are namely:-

Gauging Engagement - These giveaways often gauge engagement from users by inviting them to follow, comment or join associated Telegram channels. This has been observed to be a common occurrence on Twitter since 2024.

Leveraging Legitimacy - As evidenced by the screenshots below, the accounts running token promotions have the ‘Verified Tick’ associated with the profiles. These can be purchased from as low as USD 6.51 per month, as per revised account upgrade policies. As these are typically (in the public sense) associated with accounts spreading trustworthy content, people can be duped into this illusion. The posts are usually associated with a wallet/contract address for making transactions.

 Figure 5 -  Launch of $RMDN token on the onset of Ramadan

Need for regulations - The rapid rise of memecoins and fake tokens, often created under the guise of supporting a cause, highlights a significant regulatory gap in the crypto space. Unlike traditional financial instruments, these tokens can be launched with little to no oversight, allowing bad actors to exploit public sentiment for profit. The absence of stringent regulations means that anyone can generate a token, promote it through social media hype, and lure investors with promises of giveaways or charitable donations—many of which never materialize.

Figure 6 -  Crypto Giveaways from a cut of the Zakat amount donated

 Figure 7 -  X Profile of Ramadan AI

Though these are tokens that are being promoted during this holy month, they should be made aware of in the public domain so that uninformed citizens can prevent falling into pitfalls, with unwise investment ventures 

Token Analysis

Based on those available on the cryptocurrency network and keeping factors such as liquidity and token age in mind, a few risky tokens could be flagged:-

Token Name Address Liquidity Locked? Liquidity Level
$RMCN 6zRCZfZLh5eyhXfWiQdyUV4RKQyrfRzc41uwjxTKkm6Q Yes (100%) Low-Medium
$RMD 8dluubzie2vwp7ndnqbdotuhrmhzhwrao4jwkh3u4cqf Yes (98.91%) Low-Medium
$RMD H6DL5cjzZcM2HaUYQkxHkpDmkMYsoL1CVyS5PYdymoon No High
Ramadan GoxBEfYYdLwVtioUxettH1YeqcRRmWRk9x3wN99n9Wvp No Low
$RMDN 6TC3Nj94aEFK7ZzZ5QWUk29aUeym4TQYcqntW4z8Q88x Yes (100%) Low

Takeaways from the table:-

  • Tokens with "Low" or "Low-Medium" Liquidity:
  1. High slippage – Large trades may cause extreme price swings.
  2. Difficult to sell – If buyers are not available, you may be stuck with the token.
  3. Potential exit scam risk – If the team decides to pull liquidity, the token value can drop to zero instantly.

  • Tokens with No Liquidity Lock:
  1. Rug pull potential – The project owner can remove liquidity anytime, making the token worthless.
  2. Possibility of Pump & Dump – Unlocked liquidity allows whales to manipulate the price.

Propagation of Untrustworthy Links to offer Zakat

A recent case involved a fake online advertisement falsely claiming to provide SGD 1,000 in financial aid through the Islamic Religious Council of Singapore (Muis). The scam lures victims into submitting their personal details via an application form, potentially leading to identity theft and financial fraud​. This was later clarified by the religious society as a faux charity assistance drive.

Figure 8 -  Fraudulent advertisement for Fasting Assistance , under the guise of ZakatSource and Source 

Ramadan Giveaways

Found to be circulating within the first few days of Ramadan was a data pack giveaway for phone users. Under the illusion of a data pack giveaway between 50 GB and 100 GB, over 50 primary domains with the (.top and .xyz) TLD’s were found to be registered and associated with the campaign. These were then circulated across Facebook. The campaign is centered around Philippines and the Middle East (a list of affected telecom companies have been provided below).

Figure 9 -  Offer of Mobile Data giveaway during Ramadan, in a recent development. This giveaway focuses on Telecom customers in the Philippines 

When clicking on the distributed links, the user is met with a 404 ‘Not Found’ page. Tinkering with the collected pages by using a proxy service, a php page was found, having JavaScript that helps in evading detection.

Figure 10 -  Javascript snippet preventing the website from loading on desktops

  • This condition checks:

  1. If the system is Windows (win), macOS (max), or Linux/Unix (x11).
  2. If the screen’s available width is greater than its height (window.screen.availWidth > window.screen.availHeight), which suggests a desktop environment (as mobile screens are typically taller than wide).
  3. Sets the href attribute to the endpoint '/emit/404/p' which displays the 404 Not Found page, for desktop users.
  4. Programmatically "clicks" the link to navigate to this endpoint.

Using the cues from the .php file, the user agent was adjusted accordingly, to reveal the following page:

Figure 11 -  Tweaking the user agent and using a proxy helped to evade detection

As observed from the screenshots, the domain appears to the user in the form of an interactive Facebook post, with the comment and reaction features replicated. A list of suspect domains have been provided i the Appendix section of this Intelligence report (Tables 2 and 3)

The interaction begins by the user requiring to enter their phone number (which is not validated), and requiring to spam the Whatsapp and Messenger share buttons, until the progress bar reaches 100%

 Figure 11 -  Progress bar on the website requiring users to share links, along with deceptive comments on the website encouraging   users

As part of verification, 3 more verification buttons are displayed, and eventually redirects the user from v3.takeverify.com to amazon.com.

Questionnaire based giveaways target Milo Drink Customers 

On March 10, Nestlé Malaysia issued a warning regarding a fraudulent MILO Ramadan Contest that was being circulated online. The fake context uses engagement and involves fake posts offering cash prizes in exchange for completing a questionnaire. The company, through a public statement clarified that the contest is not affiliated with MILO or Nestlé and urged consumers to verify such promotions only through official Channels.

This is keeping in mind that Milo was targeted in a similar scam orchestration during the month of Ramadan  in 2023, when a similar Questionnaire was floated around, offering cash prizes.

Figure 12 - Screenshot from a win screen from the 2023 Questionnaire Source

With the cases seen so far, Fake giveaways, especially during Ramadan, can significantly damage a brand's reputation by eroding consumer trust. When scammers exploit a brand’s name to deceive users, customers may associate the company with fraudulent activities, even if it is not at fault. This can lead to negative publicity, loss of customer confidence, and potential financial consequences as brands need to invest in damage control and public awareness campaigns.

E-Commerce during Holy Month: Sales with a Catch

Typical of this time of the year are clusters of fake E-Commerce websites that get created at mass and those that have an ulterior motive beyond the shopfront. Instagram Pages, offering too-good-to-be-true deals come into the mix during this holy month

Scammers leverage the lure of fake discounts, deceptive offers, and counterfeit product listings to lure unsuspecting customers into fraudulent transactions, leading to false hopes. Fake listings of luxury goods have been subjected to similar deceptive practices in the past. A couple of potentially suspicious domains have been included in the Appendix section of this Intelligence report.

Figure 13 -  Attire listing on a newly registered domain banking on sales during Ramadan

On March 5, the news outlet GD News reported occurrences where scammers are exploiting Ramadan shoppers by advertising discounted abayas on social media platforms and fraudulent websites​. These were in turn flagged from fake Instagram accounts selling them, by Bahrain’s General Directorate of Anti-Corruption and Economic and Electronic Security.

These listings attract buyers with too-good-to-be-true offers, claiming to sell premium abayas at significantly reduced prices. However, once payments are made, victims either receive substandard or counterfeit products or, in many cases, nothing at all.

Conclusion 

The rise in scams during Ramadan highlights the ever-evolving tactics of cybercriminals who exploit religious generosity and the festive shopping rush for financial gain. From fake Zakat assistance programs to fraudulent giveaways, these scams target individuals’ trust, leading to significant financial and personal losses. 

The increasing sophistication of these frauds calls for a proactive approach, combining public awareness, stronger cybersecurity measures, and collaboration between financial institutions, retailers, and law enforcement. By staying informed, verifying sources, and adopting secure online practices, individuals can better protect themselves from falling victim to these deceptive schemes

Mitigation

  • Avoid clicking on links from unknown emails, SMS, or social media ads claiming exclusive Ramadan discounts, giveaways or financial aid. Be cautious of unrealistic discounts and suspicious retail listings on social media
  • In these times, it is advised to be more vigilant than ever about being charitable. Please conduct proper checks and donate to trustworthy charitable organizations or donate in-person 
  • Be cautious of crypto-based donation campaigns promoted on social media or messaging apps, especially those promising high returns or anonymous donations.

References

Appendix

    Figure 14 - A Telegram forward about the fraudulent Zakat Assistance notice

      Figure 15 - Home page of a domain endorsing $RMD token

Figure 16 -  Offer of Mobile Data giveaway during Ramadan, in a recent development. This giveaway focuses on Telecom customers in the Middle East

Figure 17 -  Fraudulent Zakat Giveaway drive, under the name of Ministry of Innovation and Digital Economy, Sokoto Source : Facebook

Domain Name Redirection URL
https://uhde.top/ https://efxu.top/
https://idjf.top/ https://vuozr.top/
https://emergelegend.top/ https://biiei.top/
https://executetropical.top/ https://efxu.top/
https://2Fe0adea.contradictoryderail.top/ https://vuozr.top/
https://puimu.top/ https://biiei.top/
https://yesf.top/ https://efxu.top/
https://qaalr.top/ https://biiei.top/
https://2F602873.breadsuppressive.top/ https://idjf.top/

Domains involved in Ramadan Data Giveaway
bim.4sa5t[.]shop/ free705.uj92[.]xyz free723.vcw27[.]xyz
free688.vcw27[.]xyz tk.ab79[.]top free745.ox69[.]top
free724.pr29[.]top free781.frj20[.]xyz tk206.tvahoz[.]top
free785.viu9[.]xyz ld117.tw12[.]xyz free.yqg53[.]top
free727.893f[.]xyz free1.615d[.]xyz sa.aw26[.]top
free763.dfg54[.]xyz free720.bfu3[.]xyz free737.ox69[.]top
free710.48uz5[.]shop free733.scq27[.]xyz free736.frj20[.]xyz
free682.pr29[.]top free72.32ww[.]xyz free686.hj63[.]top
free685.rx08[.]top free733.ox69[.]top free735.vid01[.]xyz
free733.fha32[.]xyz free72.g8d4[.]xyz free687.scq27[.]xyz
app.4lmwo[.]shop kw.de32[.]xyz free640.tsobu[.]top

Domains
https://stlshop.youcan.store/
https://ramadn.shop/
http://ramadanofferbd.shop/

Author

Noel Varghese

Predict Cyber threats against your organization

Schedule a Demo
Related Posts
No items found.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

Secure your organisation with our Award winning Products

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

CloudSEK XVigil

Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.

Learn more about XVigil
CloudSEK SVigil

Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.

Learn more about SVigil
CloudSEK SVigil

Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.

Learn more about BeVigil Ent
CloudSEK BeVigil

Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.

Learn more about BeVigil
Adversary Intelligence

5

min read

Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations

Ramadan is a time of reflection, charity, and community spirit, but cybercriminals are turning this season of giving into a playground for deception. From fraudulent donation campaigns to fake crypto giveaways, scammers are preying on goodwill, manipulating emotions, and using social proof to trick unsuspecting victims into parting with their digital assets. This advisory exposes the latest trends in Ramadan-themed scams, including wallet-draining schemes disguised as religious incentives, the rise of deceptive crypto tokens, and fake e-commerce sales targeting festive shoppers. With cybercriminals leveraging social media verification badges, AI-generated promotions, and complex psychological tricks, staying vigilant has never been more crucial. Learn how these scams work, who they target, and—most importantly—how to protect yourself and your loved ones from falling victim. Read the full report to uncover the hidden dangers lurking in your inbox, on your favorite social media platforms, and even in the name of charity.

Authors
Noel Varghese
Co-Authors
No items found.

Executive Summary

Ramadan is a time of reflection, generosity, and heightened charitable giving. However, cybercriminals are exploiting this sacred period to launch targeted crypto scams, preying on the goodwill of individuals and organizations. From fraudulent donation requests to spreading crypto token investment schemes, these scams leverage social engineering and trust to deceive victims into transferring their digital assets.

This report examines the rising trend of Ramadan-related crypto, e-commerce and donation scams, uncovering the techniques used by cybercriminals, their impact on victims, and best practices for staying secure and making awareness and vigilance more crucial than ever.

Analysis

Lure of Free Crypto - leading to Wallet Draining

As Ramadan approaches, millions worldwide engage in charity, gifting, and financial transactions. Cybercriminals exploit this generosity by launching deceptive schemes disguised as giveaways and airdrops. 

Wallet Draining, with Task based Incentives

An interesting website that we would like to highlight for this case, is one that has sprouted in recent days titled “RamadanAI”, has been created in recent days, promising users prizes of value worth 0.03 and 0.10 Solana, after connecting their Phantom Wallet and carrying out quests to earn Solana.

Figure 1 -  Homepage of Ramadan AI

 Figure 2 -   Quest based giveaway

This is done, while additionally promoting a new token on the Solana Platform, incidentally named ‘Ramadan Ai’, which currently has a low value. This is probably because of the token’s infancy on the market. Changes to the token’s value within 24 hours indicates low trading activity and a sharp fall-off (possible whale sell-off or low liquidity impact).

Figure 3 -   $RMDN’s performance on the Solana Platform

At the time of publishing this blog, the token had been discontinued.

How Victims Fall for the Scam and the Exploitation of Religion

1. The Illusion of “Earn While You Worship”

This scam capitalizes on religious devotion by blending spirituality with financial incentives. It presents users with a gamified reward system, encouraging them to complete faith-based actions — such as prayer, Quran recitation, and sharing religious quotes, under the guise of earning cryptocurrency. 

2. Psychological Manipulation and Social Proof

The task-based system encourages users to take small, seemingly harmless actions—like following an account or tweeting a Ramadan quote, before escalating to more dangerous actions, such as connecting their crypto wallets.

The social engagement aspect (tweeting or following an account) also helps the scam gain visibility, making it seem more legitimate as more people unknowingly promote it.

3. The Wallet Connection Trap

Ultimately, to “receive” the promised SOL rewards, users are likely asked to connect their crypto wallets. This step is where the real attack happens:

  • Malicious smart contracts can drain users’ funds once connected.
  • Phishing attempts may request private keys or seed phrases under the pretense of “verifying transactions.”
  • Approval scams trick users into unknowingly granting unlimited spending access to the scammers.

To further lend an air of legitimacy to the entire proceedings, a Gitbooks page was discovered with documentation, under the guise of a Whitepaper on the token 

Figure 4 -  Screengrab detailing specifics of the token

Promotion of New Ramadan-themed tokens on X

In recent days, a handful of accounts have been created on X (formerly Twitter) to boost promotion of Ramadan based crypto tokens. A cursory search revealed over 15 recently created Twitter accounts engaging in the practice. They are namely:-

Gauging Engagement - These giveaways often gauge engagement from users by inviting them to follow, comment or join associated Telegram channels. This has been observed to be a common occurrence on Twitter since 2024.

Leveraging Legitimacy - As evidenced by the screenshots below, the accounts running token promotions have the ‘Verified Tick’ associated with the profiles. These can be purchased from as low as USD 6.51 per month, as per revised account upgrade policies. As these are typically (in the public sense) associated with accounts spreading trustworthy content, people can be duped into this illusion. The posts are usually associated with a wallet/contract address for making transactions.

 Figure 5 -  Launch of $RMDN token on the onset of Ramadan

Need for regulations - The rapid rise of memecoins and fake tokens, often created under the guise of supporting a cause, highlights a significant regulatory gap in the crypto space. Unlike traditional financial instruments, these tokens can be launched with little to no oversight, allowing bad actors to exploit public sentiment for profit. The absence of stringent regulations means that anyone can generate a token, promote it through social media hype, and lure investors with promises of giveaways or charitable donations—many of which never materialize.

Figure 6 -  Crypto Giveaways from a cut of the Zakat amount donated

 Figure 7 -  X Profile of Ramadan AI

Though these are tokens that are being promoted during this holy month, they should be made aware of in the public domain so that uninformed citizens can prevent falling into pitfalls, with unwise investment ventures 

Token Analysis

Based on those available on the cryptocurrency network and keeping factors such as liquidity and token age in mind, a few risky tokens could be flagged:-

Token Name Address Liquidity Locked? Liquidity Level
$RMCN 6zRCZfZLh5eyhXfWiQdyUV4RKQyrfRzc41uwjxTKkm6Q Yes (100%) Low-Medium
$RMD 8dluubzie2vwp7ndnqbdotuhrmhzhwrao4jwkh3u4cqf Yes (98.91%) Low-Medium
$RMD H6DL5cjzZcM2HaUYQkxHkpDmkMYsoL1CVyS5PYdymoon No High
Ramadan GoxBEfYYdLwVtioUxettH1YeqcRRmWRk9x3wN99n9Wvp No Low
$RMDN 6TC3Nj94aEFK7ZzZ5QWUk29aUeym4TQYcqntW4z8Q88x Yes (100%) Low

Takeaways from the table:-

  • Tokens with "Low" or "Low-Medium" Liquidity:
  1. High slippage – Large trades may cause extreme price swings.
  2. Difficult to sell – If buyers are not available, you may be stuck with the token.
  3. Potential exit scam risk – If the team decides to pull liquidity, the token value can drop to zero instantly.

  • Tokens with No Liquidity Lock:
  1. Rug pull potential – The project owner can remove liquidity anytime, making the token worthless.
  2. Possibility of Pump & Dump – Unlocked liquidity allows whales to manipulate the price.

Propagation of Untrustworthy Links to offer Zakat

A recent case involved a fake online advertisement falsely claiming to provide SGD 1,000 in financial aid through the Islamic Religious Council of Singapore (Muis). The scam lures victims into submitting their personal details via an application form, potentially leading to identity theft and financial fraud​. This was later clarified by the religious society as a faux charity assistance drive.

Figure 8 -  Fraudulent advertisement for Fasting Assistance , under the guise of ZakatSource and Source 

Ramadan Giveaways

Found to be circulating within the first few days of Ramadan was a data pack giveaway for phone users. Under the illusion of a data pack giveaway between 50 GB and 100 GB, over 50 primary domains with the (.top and .xyz) TLD’s were found to be registered and associated with the campaign. These were then circulated across Facebook. The campaign is centered around Philippines and the Middle East (a list of affected telecom companies have been provided below).

Figure 9 -  Offer of Mobile Data giveaway during Ramadan, in a recent development. This giveaway focuses on Telecom customers in the Philippines 

When clicking on the distributed links, the user is met with a 404 ‘Not Found’ page. Tinkering with the collected pages by using a proxy service, a php page was found, having JavaScript that helps in evading detection.

Figure 10 -  Javascript snippet preventing the website from loading on desktops

  • This condition checks:

  1. If the system is Windows (win), macOS (max), or Linux/Unix (x11).
  2. If the screen’s available width is greater than its height (window.screen.availWidth > window.screen.availHeight), which suggests a desktop environment (as mobile screens are typically taller than wide).
  3. Sets the href attribute to the endpoint '/emit/404/p' which displays the 404 Not Found page, for desktop users.
  4. Programmatically "clicks" the link to navigate to this endpoint.

Using the cues from the .php file, the user agent was adjusted accordingly, to reveal the following page:

Figure 11 -  Tweaking the user agent and using a proxy helped to evade detection

As observed from the screenshots, the domain appears to the user in the form of an interactive Facebook post, with the comment and reaction features replicated. A list of suspect domains have been provided i the Appendix section of this Intelligence report (Tables 2 and 3)

The interaction begins by the user requiring to enter their phone number (which is not validated), and requiring to spam the Whatsapp and Messenger share buttons, until the progress bar reaches 100%

 Figure 11 -  Progress bar on the website requiring users to share links, along with deceptive comments on the website encouraging   users

As part of verification, 3 more verification buttons are displayed, and eventually redirects the user from v3.takeverify.com to amazon.com.

Questionnaire based giveaways target Milo Drink Customers 

On March 10, Nestlé Malaysia issued a warning regarding a fraudulent MILO Ramadan Contest that was being circulated online. The fake context uses engagement and involves fake posts offering cash prizes in exchange for completing a questionnaire. The company, through a public statement clarified that the contest is not affiliated with MILO or Nestlé and urged consumers to verify such promotions only through official Channels.

This is keeping in mind that Milo was targeted in a similar scam orchestration during the month of Ramadan  in 2023, when a similar Questionnaire was floated around, offering cash prizes.

Figure 12 - Screenshot from a win screen from the 2023 Questionnaire Source

With the cases seen so far, Fake giveaways, especially during Ramadan, can significantly damage a brand's reputation by eroding consumer trust. When scammers exploit a brand’s name to deceive users, customers may associate the company with fraudulent activities, even if it is not at fault. This can lead to negative publicity, loss of customer confidence, and potential financial consequences as brands need to invest in damage control and public awareness campaigns.

E-Commerce during Holy Month: Sales with a Catch

Typical of this time of the year are clusters of fake E-Commerce websites that get created at mass and those that have an ulterior motive beyond the shopfront. Instagram Pages, offering too-good-to-be-true deals come into the mix during this holy month

Scammers leverage the lure of fake discounts, deceptive offers, and counterfeit product listings to lure unsuspecting customers into fraudulent transactions, leading to false hopes. Fake listings of luxury goods have been subjected to similar deceptive practices in the past. A couple of potentially suspicious domains have been included in the Appendix section of this Intelligence report.

Figure 13 -  Attire listing on a newly registered domain banking on sales during Ramadan

On March 5, the news outlet GD News reported occurrences where scammers are exploiting Ramadan shoppers by advertising discounted abayas on social media platforms and fraudulent websites​. These were in turn flagged from fake Instagram accounts selling them, by Bahrain’s General Directorate of Anti-Corruption and Economic and Electronic Security.

These listings attract buyers with too-good-to-be-true offers, claiming to sell premium abayas at significantly reduced prices. However, once payments are made, victims either receive substandard or counterfeit products or, in many cases, nothing at all.

Conclusion 

The rise in scams during Ramadan highlights the ever-evolving tactics of cybercriminals who exploit religious generosity and the festive shopping rush for financial gain. From fake Zakat assistance programs to fraudulent giveaways, these scams target individuals’ trust, leading to significant financial and personal losses. 

The increasing sophistication of these frauds calls for a proactive approach, combining public awareness, stronger cybersecurity measures, and collaboration between financial institutions, retailers, and law enforcement. By staying informed, verifying sources, and adopting secure online practices, individuals can better protect themselves from falling victim to these deceptive schemes

Mitigation

  • Avoid clicking on links from unknown emails, SMS, or social media ads claiming exclusive Ramadan discounts, giveaways or financial aid. Be cautious of unrealistic discounts and suspicious retail listings on social media
  • In these times, it is advised to be more vigilant than ever about being charitable. Please conduct proper checks and donate to trustworthy charitable organizations or donate in-person 
  • Be cautious of crypto-based donation campaigns promoted on social media or messaging apps, especially those promising high returns or anonymous donations.

References

Appendix

    Figure 14 - A Telegram forward about the fraudulent Zakat Assistance notice

      Figure 15 - Home page of a domain endorsing $RMD token

Figure 16 -  Offer of Mobile Data giveaway during Ramadan, in a recent development. This giveaway focuses on Telecom customers in the Middle East

Figure 17 -  Fraudulent Zakat Giveaway drive, under the name of Ministry of Innovation and Digital Economy, Sokoto Source : Facebook

Domain Name Redirection URL
https://uhde.top/ https://efxu.top/
https://idjf.top/ https://vuozr.top/
https://emergelegend.top/ https://biiei.top/
https://executetropical.top/ https://efxu.top/
https://2Fe0adea.contradictoryderail.top/ https://vuozr.top/
https://puimu.top/ https://biiei.top/
https://yesf.top/ https://efxu.top/
https://qaalr.top/ https://biiei.top/
https://2F602873.breadsuppressive.top/ https://idjf.top/

Domains involved in Ramadan Data Giveaway
bim.4sa5t[.]shop/ free705.uj92[.]xyz free723.vcw27[.]xyz
free688.vcw27[.]xyz tk.ab79[.]top free745.ox69[.]top
free724.pr29[.]top free781.frj20[.]xyz tk206.tvahoz[.]top
free785.viu9[.]xyz ld117.tw12[.]xyz free.yqg53[.]top
free727.893f[.]xyz free1.615d[.]xyz sa.aw26[.]top
free763.dfg54[.]xyz free720.bfu3[.]xyz free737.ox69[.]top
free710.48uz5[.]shop free733.scq27[.]xyz free736.frj20[.]xyz
free682.pr29[.]top free72.32ww[.]xyz free686.hj63[.]top
free685.rx08[.]top free733.ox69[.]top free735.vid01[.]xyz
free733.fha32[.]xyz free72.g8d4[.]xyz free687.scq27[.]xyz
app.4lmwo[.]shop kw.de32[.]xyz free640.tsobu[.]top

Domains
https://stlshop.youcan.store/
https://ramadn.shop/
http://ramadanofferbd.shop/