Scammers exploit Ramadan: Surge in fraudulent Crypto giveaways, fake charities as Muslims observe fasts, says report

“Ramadan is synonymous with goodwill and charitable donations, making it a prime target for malicious actors. Cybercriminals are leveraging religious sentiments to trick unsuspecting donors and investors into fraudulent schemes, draining digital wallets, and stealing sensitive financial information,” the report by CloudSEK, an AI-driven cybersecurity firm, said.

Muslims worldwide observe dawn-to-dusk fasting for 30 days during Ramadan, which began in India on March 2.

Cybercriminals Exploit Ramadan’s Spirit of Giving

The research found a surge in scams using social engineering tactics to exploit trust. One of the most concerning trends is the emergence of ‘Ramadan AI’, a deceptive platform falsely promising crypto rewards to those who engage in faith-based activities.

Here are the key findings of the report:

Fake Ramadan Crypto Giveaways: Fraudulent websites are enticing users with the promise of free cryptocurrency in exchange for connecting their wallets, ultimately leading to fund theft through malicious smart contracts.

Manipulation Through Religious Sentiments: Scammers have introduced “Earn While You Worship” programs, encouraging users to participate in religious acts such as prayer and Quran recitation in exchange for digital currency, creating a dangerous gateway for financial exploitation.

Deceptive Social Media Tactics: Over 15 newly created accounts on X (formerly Twitter) have been promoting dubious Ramadan-themed tokens, misleading users into buying volatile and potentially fraudulent investments.

Fraudulent E-Commerce Websites: Cybercriminals operate fake online stores, particularly targeting Ramadan shoppers with deep discounts on cultural attire. Victims often receive counterfeit goods—or nothing at all.

Zakat and Charity Scams: Fake donation campaigns, falsely claiming to represent legitimate Islamic charities, are tricking generous individuals into transferring funds to fraudulent accounts. Zakat or alms is the charity that Muslims give from their wealth.

Fake Mobile Data Giveaways: Over 50 newly registered domains with “.top” and “.xyz” TLDs have been associated with fraudulent Ramadan data giveaway campaigns, primarily targeting telecom users in the Philippines and the Middle East.

“These scams are not just isolated incidents; they represent a massive, coordinated effort by cybercriminals to exploit religious generosity on a global scale. The sheer volume of fraudulent crypto projects, fake charities, and deceptive e-commerce operations detected this Ramadan highlights a deeply concerning trend. With over 50 fake domains identified, we urge users to exercise extreme caution when making donations or investing in Ramadan-themed tokens,” said Noel Varghese, Threat Researcher, CloudSEK.

How to Stay Safe?

Verify Charitable Organisations: Only donate to established charities by checking their official websites and verifying their credentials before making contributions.

Be Wary of Unrealistic Offers: If an investment or giveaway appears too good to be true, it likely is. Avoid offers promising large crypto rewards with minimal effort.

Protect Your Crypto Assets: Never connect your crypto wallet to unverified platforms or share sensitive information, such as private keys or seed phrases.

Scrutinise Social Media Promotions: Avoid engaging with newly created accounts aggressively promoting crypto giveaways and investment schemes, particularly those leveraging religious themes.