Investment scams are targeting Saudi banking customers


Arabian, Investment Scams, Banking, AML

Cybercriminals exploit weaknesses in the human element and low awareness of many banking clients about information security

According to California-based company, Resecurity protecting Fortune 500 giants globally and specialising in cyber threat intelligence, the activity of cybercriminals targeting Saudi online-banking customers almost quadrupled in Q2 and the number of online scams increased almost to 320 percent.

The trend is expected to grow in Q3, as the majority of online banking customers in Saudi Arabia experience a huge interest in digital finance products, P2P payments and are now vulnerable to becoming victims of scams.

One of the dominating types of scams widely practiced by fraudsters (investment scam), is when the victim is advised to deposit some funds – to a bad actor account – to gain profit after some time, or to provide access to own online banking account for further trading and funds management. This is done via using various social engineering tactics to trick victims.

Once the access has been received the bad actor deploys remote administration tools to control the mobile device of the victim and to perform illegal transactions. Such tactics allow the bad actor to collect 2FA and OTP codes).

Saudi citizens globally are becoming victims of investment scams, that’s why it is extremely important to collaborate only with official accredited investment companies and financial institutions licensed by SAMA and CMA.

Cybercriminals exploit weaknesses in the human element and low awareness of many banking clients about information security, which adds additional challenges for the regulators in terms of consumer protection.

“Investment scam is a trending type of cybercriminal activity. The fraudsters impersonate themselves as banking employees, financial or wealth management advisors to gain trust, and approach innocent people interested in investment opportunities. It is extremely important to accelerate private-public partnership with regulators and law enforcement to combat it effectively leveraging AI-based threat intelligence and fraud prevention technologies” – said Eyad Ismail Hashash, CEO of HAMI Security, a Riyadh-based cybersecurity solutions provider.

Some of the identified fraudulent actors impersonated existing investment products offered by major financial institutions in the Kingdom. Almost all of them leveraged the communications via Whatsapp through an operator claiming to work for the investment company.

Another red flag characterising such scams is abnormally high payout percentage from investments in a very short time frame. Some scams investigated by Resecurity use advanced tactics based on motivating the victim to deposit bigger amounts starting from 100,000 SAR on multiple occurrence- bad actors start by asking a small sum and even returning to the victim a small profit then instantly proposing to reinvesting it afterwards, they disappear as soon as they receive the money.

More advanced fraudulent schemes involved amounts bypassing 100,000 SAR and higher per transaction.

Such social engineering techniques are widely practiced and could lead to big financial losses.

“The significance of such malicious activity is huge,” – says Christian Lee, Chief Technology Officer of California-based Resecurity, Inc. “Not only it creates distrust in the eyes of typical consumers of financial services, but also negatively affects their loyalty to existing investment and banking organisations,” he added.

Resecurity, Inc. providing threat intelligence and fraud prevention solutions to major financial institutions in KSA and internationally highlighted the importance of timely post-incident response, which allows the return of stolen funds while working collaboratively with the victims and involved banking organisations.

According to Mr. Lees from Resecurity, Inc. employment and investment scams are 2 of the key types of scams in Saudi Arabia leaving the banks in a difficult position from a fraud prevention perspective.

Without timely response and investigation of the incidents, bank customers find themselves in a challenging situation as the stolen funds will disappear via a chain of “money mules” and end up either in a Point of Sale or an ATM.

MOBITRADER, an identified scam that has been successfully investigated by Resecurity, was shared with SAMA, FS-ISAC and law enforcement; The scam impersonated a Forex broker with short-term managed investment options. Several victims have been interviewed to determine the end impact and in both cases the bad actors were extremely quick in laundering stolen funds via a network of ‘money mules’.

Alma, one of the victims interviewed after the incident, who asked to be anonymous, shared that the bad actors accessed her banking account, passed through 2FA and performed unauthorised transfers to several accounts opened in the same bank – in such scenarios they were able to receive their funds instantly and cash out them via ATM.

Resecurity is collaborating with local law enforcement and encouraging victims of investment scams to report them in a timely manner to maximise their chance to recover stolen funds.


Keep up to date with the latest cybersecurity news and developments.

By subscribing, I understand and agree that my personal data will be collected and processed according to the Privacy and Cookies Policy

Cloud Architecture
Cloud Architecture
445 S. Figueroa Street
Los Angeles, CA 90071
Google Maps
Contact us by filling out the form.
Try Resecurity products today with a free trial