CTM360 has noticed a surge in phishing websites targeting both local and global brands in the GCC. Scammers are employing a common website design to create phishing pages that imitate the products and logos of these established brands.
12 Feb 2024
OVERVIEW
These phishing campaigns result in significant financial losses and the compromise of personal data for the customers of these brands.
Some well-known brands like Tea Time, Hardees, Jasmis, Caribou, and others are being targeted in this campaign. Because these brands are popular in the GCC and have lots of customers, scammers are going after them. CTM360’s WebHunt platform is actively tracking such phishing campaigns; 100+ phishing sites targeting different brands have been identified as part of this campaign.
CTM360’s observation of the trend
-
Mode of Delivery: Fake ads via social media platform
Scammers have created fake accounts on Facebook and Instagram, which they leverage to promote fake ads with attractive offers from targeted brands. These ads ultimately direct users to phishing sites.
-
Scammers then take advantage of users' trust by making these phishing sites on domain names that are related to GCC countries and using the .shop TLD. For instance, they might mix the name of a GCC country with a well-known brand they're copying, like "jasmis-bh- mega-offers[.]shop" or "hardees-kuwait[.]shop". These tricky website addresses are designed to fool users into thinking they're on real websites.
-
Brands targeted: The phishing campaign targets major fast food and coffee shops in GCC countries. Scammers create website pages that closely resemble authentic websites, making them appear genuine to unsuspecting individuals. Scammers use a similar phishing layout/template to target various brands.
Scammers also advertise these websites using flashy promotions, such as "happy hour" images, offering big discounts like 50% off everything and free delivery on orders. This strategy is meant to make users feel like they need to act quickly and tempt them into buying from the fake site.
-
Motive: Harvesting Debit/Credit Card Information
Once the victim has completed adding products to their cart, they are redirected to the payment page, which serves as the motive of the scammer. At this stage, the user is prompted to enter their debit/credit card information to obtain the victim's funds.
Recommendations
How to avoid becoming a victim of such Phishing campaigns:
For individuals:
-
Don't click on suspicious URLs, even if they appear from people you know.
-
Always verify the official website's appearance and pay attention to the domain name
and website’s interface.
-
Avoid any suspicious resources that ask for personal or payment information.
For businesses:
- Regularly monitor references to your brand in domain name and phishing website databases, which can be accessed by companies that provide brand protection and anti- fraud services.
- Quickly identify and eliminate networks of fraudulent websites that use your brand