Group-IB has uncovered scammers across the Middle East leveraging fake betting game advertisements on social media to target users and steal personal data and funds.
Group-IB’s Computer Emergency Response Team (CERT) found more than 500 deceptive ads and over 1,377 malicious websites across the world, with more than 200 advertisements targeting Egypt and 160 in the Gulf region. These are designed to trick users into downloading fraudulent applications that promise users easy money in a matter of seconds and end up stealing personal data and money instead. Group-IB’s CERT even found advertisements in Arabic, and alleged winnings from other ‘users’ that were generated through the fraudulent betting were shown in Egyptian Pounds (EGP) – in some instances amounting to more than US$10,000.
One of the key tactics employed by these scammers is using AI-generated voices in different languages to make the advertisements seem local and trustworthy, regardless of where the scam is being carried out. This has helped to proliferate the scam campaign and help scammers continually expand into new markets. Scammers also leverage the large user bases and advanced targeting features of social media platforms and their algorithms to target vulnerable users. Using the lure of easy money, the scammers then trick users into sideloading fraudulent apps, that are often distributed through third-party websites or APK files, thereby bypassing security checks on official application stores. The low cost and ease of creating and distributing these ads make it even easier for fraudsters to maximize the reach and impact of these scam campaigns.
“In a region where the economy is growing exponentially, aided by digital transformation, individuals and businesses are more reliant on mobile devices and online applications”, said Mahmoud Mosaad, CERT-GIB Analyst. “Scammers know this, and are using fraudulent ads to entice victims with the allure of guaranteed winnings, stealing personal data and money instead. Understanding how these scams operate and recognizing the red flags can go a long way in protecting yourself and your business. By staying informed and vigilant, you can avoid falling victim to these tactics and ensure your online security remains intact.”
Group-IB also shared that fake reviews and testimonials are helping these scams to succeed. These fake reviews often include detailed narratives, screenshots, and even photos of “successful” players, creating the illusion of a highly profitable and trustworthy game that draws unsuspecting users in deeper into becoming scam victims.
Here are some recommendations that Group-IB has for both businesses and individuals:
- Avoid Untrusted Downloads: Only download apps from official stores like Google Play or the Apple App Store. Be cautious of third-party APK files.
- Be Skeptical of Quick Money Promises: If an ad promises easy money, it’s likely too good to be true.
- Verify Authenticity: Check whether the app or ad is associated with legitimate banking or business
- Stay vigilant, report fraudulent ads, and only interact with verified and trusted apps.
- Safeguard reputation and online presence to maintain continuity and uphold consumer trust.