Scam Artists on the Rise in Saudi Arabia: Cybercriminals Exploit Human Weaknesses and Low Awareness in Online Banking

In the second quarter of 2023, Saudi Arabia witnessed a significant surge in cybercrime activities targeting online banking customers, according to Resecurity, a California-based cyber threat intelligence firm. The company reported an almost 320% increase in online scams, with cybercriminals primarily focusing on investment schemes.

The Surge of Investment Scams in Saudi Arabia

Eyad Ismail Hashash, CEO of HAMI Security, a Riyadh-based cybersecurity solutions provider, stated that investment scams are a trending type of cybercriminal activity in Saudi Arabia. Fraudsters impersonate banking employees or financial advisors to gain the trust of potential victims, who are often newly interested in digital finance products and peer-to-peer payments.

Once access has been obtained, bad actors use remote administration tools to control the victim’s mobile device and perform illegal transactions. They collect two-factor authentication (2FA) and one-time password (OTP) codes to further secure their illegal access.

Human Weaknesses and Low Awareness

Hashash noted that weak human elements and low awareness of information security remain key challenges for regulators, leading to a growing trend of cybercrime in Saudi Arabia. Cybercriminals exploit these weaknesses to collect millions of Saudi riyals through various social engineering techniques.

Common Investment Scams

One of the most common schemes involves impersonating existing investment products offered by major financial institutions in the Kingdom. Scammers often use WhatsApp as their preferred communication method, posing as investment company representatives. More advanced schemes involve larger transactions, and some involve amounts exceeding 100,000 SAR per transaction.

Financial and Emotional Consequences

Christian Lee, Chief Technology Officer of Resecurity, emphasizes the importance of timely post-incident response. The collaborative process can help return stolen funds and prevent future incidents. The consequences of these scams extend beyond financial losses, as they also create distrust and negatively impact victims’ loyalty to financial institutions.

Case Study: The MOBITRADER Scam

In late 2022, Resecurity successfully investigated the MOBITRADER scam, which impersonated a Forex broker with short-term investment options. Several victims lost significant amounts of money and had their funds laundered through a network of money mules. The stolen funds eventually ended up in points of sale or ATMs.

A Collective Effort to Secure Online Banking

One victim, Alma, who asked to remain anonymous, reported how the bad actors accessed her account, bypassed 2FA, and performed unauthorized transfers to multiple accounts within the same bank. She lost her funds instantly and was unable to recover them. Resecurity encourages victims of investment scams to report incidents promptly to local law enforcement to increase their chances of recovering stolen funds. In the fight against cybercrime, a collective effort from both the private and public sectors is crucial to secure online banking in Saudi Arabia.