AS the holy month of Ramadan approaches, a cybersecurity group has identified more than 97 phishing websites targeting Malaysian citizens and, in some cases, impersonating government officials to steal personal and financial information.
According to Group-IB, a vast majority of these fraudulent domains are registered using [.my.id] and [web.id], the Internet Top Level Domain code for Indonesia.
Based on the company’s investigations, the fraudulent scheme offers fidya—religious donations to those in financial need—or one-time social payouts from government agencies to Muslims in Malaysia.
These advertisements have been found on social media platforms such as Facebook alongside popular messaging apps including WhatsApp and Telegram.
Upon landing on the phishing website, the visitor will be asked to provide their credentials for their Facebook, Telegram, or WhatsApp accounts, including their password and one-time passcodes (OTPs) under the guise of verifying their identity in order to facilitate the payment process and claim the supposed funds.
Once the victim provides their information, their accounts would be taken over instantly, which the cybercriminals could then use for other malicious activities including impersonation scams or sold on the dark web for unauthorised access by other cybercriminals.
“We advise all Muslims celebrating Ramadan, as well as Malaysian citizens to take caution when encountering such advertisements online, and always verify the authenticity of the information with the official entity on their website, or through other official channels,” the group cautioned.
“Report these fraudulent advertisements or schemes to your local authorities, so that others will not fall prey to scammer.” – March 5, 2025
