More than 2400 scam pages have been discovered targeting Arabic-speaking job seekers in 13 countries from January 2022 to January 2023.
The findings were made public by Group-IB security researchers in an advisory published earlier today. In it, risk protection analysts Sharef Hlal and Olga Ulchenko said that firms based in Egypt (48%), Saudi Arabia (23%) and Algeria (17%) were the most impersonated by scammers.
“This scam scheme targets more than 40 well-known brands from 13 countries in the MEA region,” explained the technical write-up, adding that 64% of scam pages discovered in this campaign impersonated companies in the logistics sector, followed by the food and beverage sector (20%) and the petroleum industry (12%).
The malicious campaign relies on an initial phishing attempt that leads victims to scam web pages containing a similar description about the fake vacancy.
Read more on phishing here: Phishing Sites and Apps Use ChatGPT as Lure
“Should they click on the ‘apply’ button contained on these scam web pages, victims are redirected to phishing websites that the scammers create to harvest the credentials of victims’ social network accounts,” reads the advisory.
The scammers then access victims’ accounts and update the associated password, email address and phone number information, before demanding money from victims to retrieve them.
According to the security experts, the scam campaign peaked in activity in August 2022, which saw the creation of over 600 new fake job pages.
Hlal and Ulchenko warned that the majority of the fake social media pages are still online, with new ones being created on a daily basis.
“Combatting scams of this type is vital, as companies whose brands are appropriated by scammers can experience reputational loss, as victims in the future may associate their negative experiences at the hands of the scammers with the targeted brands.”
The malicious campaign discovered by Group-IB comes amid an increase in phishing attempts targeting mobile devices.