Ramadan is a time of reflection, charity, and community spirit, but cybercriminals are turning this season of giving into a playground for deception. From fraudulent donation campaigns to fake crypto giveaways, scammers are preying on goodwill, manipulating emotions, and using social proof to trick unsuspecting victims into parting with their digital assets. This advisory exposes the latest trends in Ramadan-themed scams, including wallet-draining schemes disguised as religious incentives, the rise of deceptive crypto tokens, and fake e-commerce sales targeting festive shoppers. With cybercriminals leveraging social media verification badges, AI-generated promotions, and complex psychological tricks, staying vigilant has never been more crucial. Learn how these scams work, who they target, and—most importantly—how to protect yourself and your loved ones from falling victim. Read the full report to uncover the hidden dangers lurking in your inbox, on your favorite social media platforms, and even in the name of charity.
Ramadan is a time of reflection, generosity, and heightened charitable giving. However, cybercriminals are exploiting this sacred period to launch targeted crypto scams, preying on the goodwill of individuals and organizations. From fraudulent donation requests to spreading crypto token investment schemes, these scams leverage social engineering and trust to deceive victims into transferring their digital assets.
This report examines the rising trend of Ramadan-related crypto, e-commerce and donation scams, covering the techniques used by cybercriminals, their impact on victims, and best practices for staying secure, at a time when awareness and vigilance are more crucial than ever.
As Ramadan approaches, millions worldwide engage in charity, gifting, and financial transactions. Cybercriminals exploit this generosity by launching deceptive schemes disguised as giveaways and airdrops.
One website worth highlighting here is “RamadanAI”, which was created in recent days. It promises users prizes worth 0.03 and 0.10 Solana after they connect their Phantom Wallet and carry out quests to earn Solana.
Alongside this, the site promotes a new token on the Solana platform, incidentally named ‘Ramadan Ai’, which currently has a low value, probably because of the token’s infancy on the market. Changes to the token’s value within 24 hours indicate low trading activity and a sharp fall-off (possible whale sell-off or low liquidity impact).
At the time of publishing this blog, the token had been discontinued.
How Victims Fall for the Scam and the Exploitation of Religion
1. The Illusion of “Earn While You Worship”
This scam capitalizes on religious devotion by blending spirituality with financial incentives. It presents users with a gamified reward system, encouraging them to complete faith-based actions, such as prayer, Quran recitation, and sharing religious quotes, under the guise of earning cryptocurrency.
2. Psychological Manipulation and Social Proof
The task-based system encourages users to take small, seemingly harmless actions, like following an account or tweeting a Ramadan quote, before escalating to more dangerous actions, such as connecting their crypto wallets.
The social engagement aspect (tweeting or following an account) also helps the scam gain visibility, making it seem more legitimate as more people unknowingly promote it.
3. The Wallet Connection Trap
Ultimately, to “receive” the promised SOL rewards, users are likely asked to connect their crypto wallets. This step is where the real attack happens:
To lend a further air of legitimacy to the proceedings, a GitBook page with documentation was discovered, presented under the guise of a whitepaper on the token.
In recent days, a handful of accounts have been created on X (formerly Twitter) to boost promotion of Ramadan-based crypto tokens. A cursory search revealed over 15 recently created Twitter accounts engaging in the practice. They are namely:-
Gauging Engagement - These giveaways often gauge engagement from users by inviting them to follow, comment or join associated Telegram channels. This has been observed to be a common occurrence on Twitter since 2024.
Leveraging Legitimacy - As evidenced by the screenshots below, the accounts running token promotions have the ‘Verified Tick’ associated with their profiles. These can be purchased for as little as USD 6.51 per month, as per revised account upgrade policies. Because the public typically associates this tick with accounts spreading trustworthy content, people can be duped by the illusion. The posts are usually associated with a wallet/contract address for making transactions.
Need for regulations - The rapid rise of memecoins and fake tokens, often created under the guise of supporting a cause, highlights a significant regulatory gap in the crypto space. Unlike traditional financial instruments, these tokens can be launched with little to no oversight, allowing bad actors to exploit public sentiment for profit. The absence of stringent regulations means that anyone can generate a token, promote it through social media hype, and lure investors with promises of giveaways or charitable donations—many of which never materialize.
Although these tokens are being promoted during this holy month, the public should be made aware of them so that uninformed citizens can avoid the pitfalls of unwise investment ventures.
Token Analysis
Based on the tokens available on the cryptocurrency network, and keeping factors such as liquidity and token age in mind, a few risky tokens could be flagged:-
Takeaways from the table:-
A recent case involved a fake online advertisement falsely claiming to provide SGD 1,000 in financial aid through the Islamic Religious Council of Singapore (Muis). The scam lures victims into submitting their personal details via an application form, potentially leading to identity theft and financial fraud. This was later clarified by the religious society as a faux charity assistance drive.
A data pack giveaway for phone users was found circulating within the first few days of Ramadan. Under the illusion of a data pack giveaway of between 50 GB and 100 GB, over 50 primary domains on the .top and .xyz TLDs were found to be registered and associated with the campaign. These were then circulated across Facebook. The campaign is centered around the Philippines and the Middle East (a list of affected telecom companies has been provided below).
On clicking the distributed links, the user is met with a 404 ‘Not Found’ page. On examining the collected pages through a proxy service, a PHP page was found containing JavaScript that helps in evading detection.
Using the cues from the .php file, the user agent was adjusted accordingly, to reveal the following page:
As observed from the screenshots, the domain appears to the user in the form of an interactive Facebook post, with the comment and reaction features replicated. A list of suspect domains has been provided in the Appendix section of this Intelligence report (Tables 2 and 3).
The interaction begins with the user being required to enter their phone number (which is not validated) and then to spam the WhatsApp and Messenger share buttons until the progress bar reaches 100%.
As part of verification, 3 more verification buttons are displayed, and the user is eventually redirected from v3.takeverify.com to amazon.com.
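The traits described for this campaign (a 404 for one user agent and a live page for another, .top/.xyz hosting, share-button lures, and a final hop to an unrelated site) can be checked over stored crawl results. The triage sketch below is an added example, not CloudSEK's tooling; the `Fetch` record, the lure keywords, the profile labels and the sample hostnames are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

CAMPAIGN_TLDS = {"top", "xyz"}  # TLDs the report ties to this campaign
# Assumed lure keywords, taken from the page behaviour the report describes.
LURE_MARKERS = ("whatsapp", "messenger", "phone number", "progress")


@dataclass
class Fetch:
    """One stored crawl result for a URL under a named user-agent profile."""
    url: str
    ua_profile: str
    status: int
    body: str
    final_url: str  # where the request ended after redirects


def site(url: str) -> str:
    """Naive site key: last two host labels (no public-suffix handling)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def triage(fetches):
    """Return {url: sorted list of findings} for a batch of crawl results."""
    by_url = defaultdict(list)
    for f in fetches:
        by_url[f.url].append(f)

    report = {}
    for url, group in by_url.items():
        findings = set()
        if site(url).rsplit(".", 1)[-1] in CAMPAIGN_TLDS:
            findings.add("campaign_tld")
        statuses = {f.status for f in group}
        # Cloaking: the same URL is "Not Found" for one profile, live for another.
        if 404 in statuses and 200 in statuses:
            findings.add("ua_cloaking")
        for f in group:
            text = f.body.lower()
            if f.status == 200 and sum(m in text for m in LURE_MARKERS) >= 2:
                findings.add("share_lure")
            if site(f.final_url) != site(url):
                findings.add("offsite_redirect")
        report[url] = sorted(findings)
    return report


# Constructed sample data: hostnames and page text are placeholders.
SAMPLE = [
    Fetch("http://sample-a.top/g", "default", 404, "Not Found", "http://sample-a.top/g"),
    Fetch("http://sample-a.top/g", "adjusted", 200,
          "Enter your phone number, then share on WhatsApp and Messenger",
          "http://sample-a.top/g"),
    Fetch("http://sample-b.xyz/v", "adjusted", 200, "Verify",
          "https://shop.example.com/"),
    Fetch("https://news.example.org/", "default", 200, "Ramadan opening hours",
          "https://news.example.org/"),
]

if __name__ == "__main__":
    for url, findings in triage(SAMPLE).items():
        print(url, findings)
```

A URL that only ever returns 404 to a single crawler profile produces no `ua_cloaking` finding, which is why the same link has to be fetched under more than one profile before the result means anything.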
On March 10, Nestlé Malaysia issued a warning regarding a fraudulent MILO Ramadan Contest that was being circulated online. The fake contest relies on engagement and involves fake posts offering cash prizes in exchange for completing a questionnaire. The company clarified through a public statement that the contest is not affiliated with MILO or Nestlé and urged consumers to verify such promotions only through official channels.
Milo was targeted in a similar scam during the month of Ramadan in 2023, when a similar questionnaire offering cash prizes was floated around.
As the cases seen so far show, fake giveaways, especially during Ramadan, can significantly damage a brand's reputation by eroding consumer trust. When scammers exploit a brand’s name to deceive users, customers may associate the company with fraudulent activities, even if it is not at fault. This can lead to negative publicity, loss of customer confidence, and potential financial consequences as brands need to invest in damage control and public awareness campaigns.
Typical of this time of the year are clusters of fake e-commerce websites that are created en masse and that have an ulterior motive beyond the shopfront. Instagram pages offering too-good-to-be-true deals also come into the mix during this holy month.
Scammers use fake discounts, deceptive offers, and counterfeit product listings to lure unsuspecting customers into fraudulent transactions, leading to false hopes. Fake listings of luxury goods have been subjected to similar deceptive practices in the past. A couple of potentially suspicious domains have been included in the Appendix section of this Intelligence report.
On March 5, the news outlet GD News reported that scammers are exploiting Ramadan shoppers by advertising discounted abayas on social media platforms and fraudulent websites. The fake Instagram accounts selling them were in turn flagged by Bahrain’s General Directorate of Anti-Corruption and Economic and Electronic Security.
These listings attract buyers with too-good-to-be-true offers, claiming to sell premium abayas at significantly reduced prices. However, once payments are made, victims either receive substandard or counterfeit products or, in many cases, nothing at all.
The rise in scams during Ramadan highlights the ever-evolving tactics of cybercriminals who exploit religious generosity and the festive shopping rush for financial gain. From fake Zakat assistance programs to fraudulent giveaways, these scams target individuals’ trust, leading to significant financial and personal losses.
The increasing sophistication of these frauds calls for a proactive approach, combining public awareness, stronger cybersecurity measures, and collaboration between financial institutions, retailers, and law enforcement. By staying informed, verifying sources, and adopting secure online practices, individuals can better protect themselves from falling victim to these deceptive schemes.