Cybercrime and Fraud Offences Under Saudi Law
Saudi Arabia's Anti-Cyber Crime Law establishes a tiered system of offences and penalties, with online fraud and unauthorised system access forming two of the most commonly prosecuted categories. Whether you are a victim, a bystander, or an active participant, understanding this law can protect your freedom and finances.
---
Unauthorised Access to Systems and Data
Basic Unauthorised Access (Article 3)
The lowest tier of offence covers spying on, intercepting, or receiving data transmitted through an information network or computer without authorisation. This includes:
- Monitoring someone else's emails or messages without permission
- Accessing a colleague's computer files without authorisation
- Intercepting data on a shared or public network
Penalty: Up to 1 year imprisonment and/or a fine of up to SAR 500,000
Unauthorised Access with Intent to Cause Harm (Article 5)
If access is gained with the intention to delete, erase, destroy, leak, damage, or alter data, the offence moves to a more serious tier:
Penalty: Up to 4 years imprisonment and/or a fine of up to SAR 3,000,000
This would cover activities such as accessing a company database and deleting records, or accessing a former partner's email account and forwarding private messages.
---
Online Fraud (Article 4)
Article 4 specifically addresses cyber-enabled fraud, including:
- Acquiring movable property or financial instruments through online deception
- Phishing — using fake websites or messages to steal credentials
- Accessing another person's bank account fraudulently
- Signing or forging digital bonds or financial documents under false pretences
Penalty: Up to 3 years imprisonment and/or a fine of up to SAR 2,000,000
---
How Expats Commonly Face Fraud-Related Charges
Receiving Fraudulent Transfers (Money Mule Situations)
Expats are sometimes approached with offers to receive money into their bank account and transfer it onward for a commission. This is a money mule scheme and participating — even unknowingly — can result in prosecution for fraud-related cyber offences.
Using Shared Credentials
Using login credentials shared by a colleague or employer to access a system you are not personally authorised to use can constitute unauthorised access, even if the work purpose seems legitimate.
Accessing an Ex-Partner's Accounts
Attempting to access a former partner's email, social media, or banking accounts — even if you previously knew the password — is a criminal offence under this law.
Workplace Data Breaches
Downloading or forwarding company data without authorisation — even to your personal email for convenience — may constitute an access or data integrity offence.
---
Aggravated Penalties: When Sentences Double
Under Article 8, the minimum sentence cannot be less than half the maximum when:
- The crime is part of organised criminal activity
- The offender is a government employee and the crime relates to their official role
- The offender used their workplace systems or position to commit the crime
For an expat in a professional or government-adjacent role, these aggravating factors are especially important to understand.
---
Liability for Helping or Attempting
- Attempting an offence: Penalty of up to half the maximum for the relevant tier (Article 10)
- Assisting or facilitating someone else's cyber crime: Penalty of up to the full maximum if the crime succeeds (Article 9)
This means that even technical assistance — helping someone set up a system later used for fraud, for example — can lead to serious prosecution.
---
Device Confiscation and Account Closure
Beyond prison and fines, courts may order (Article 13):
- Confiscation of all devices, software, and equipment used in the offence
- Confiscation of proceeds generated from the crime
- Permanent closure of websites or service platforms involved
---
Protecting Yourself as an Expat
- Never share your login credentials with anyone, including colleagues
- Report suspicious financial approaches to your bank and authorities immediately
- Do not accept money transfer requests from strangers or recent acquaintances
- Use separate personal and work devices to avoid accidental access violations
- Seek legal advice before accessing any system you are not explicitly authorised to use
- If you have been defrauded, report it promptly — being a victim does not automatically insulate you from scrutiny if your account was used in a crime
---
Final Note
Saudi courts take cyber fraud and unauthorised access seriously, and sentences are enforced. Expats should maintain strict digital hygiene and seek immediate legal counsel if they believe they are under investigation or have been used as an unwitting participant in a fraud scheme.