Chinese websites may steal user data via fake gifting offers: Cert-In
<img src="” title=”Chinese websites may steal user data via fake gifting offers: Cert-In” />
Festive season is here. Amid the festive cheer tech companies are offering major discounts to buyers across platforms as a part of various festive sale offers. Scammers, on the other hand, are using this as an opportunity for stealing critical user data by duping them in lieu of offering free gifting offers.
India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team) has issued an advisory, wherein the organisation has warned users against falling in prey to scams offering free gifts and offers.
Cert-In said that there have been several reported cases wherein adwares are targeting prominient brands and tricking customers in fraudulent phishing attacks and scams. These adwares are delivered via messages on various social media and messaging platform and they offer a festive offer as a part of which users will be eligible to get gifts and prizes.
“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asking to share the links among peers over WhatsApp/Telegram/Instagram accounts,” Cert-In wrote in its advisory.
How does the attack happen?
Cert-In said that the victim receives a message that contains a link to a phishing website that is quite similar to websites of popular brands. “The customer will be lured with a false claim of a special festive offer on answering a questionnaire through which one can win money and prizes.
The attackers then lure the unsuspecting victims into giving up their sensitive information such as their personal details, bank account details, passwords, OTPs, which they use for adware and other ‘adversarial purposes’.
The government body said that these fake and fraudulent websites were mostly of Chinese origin. “The website links involved are mostly Chinese [.cn] domains, and other extensions such as .top, .xyz. These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds,” the advisory added.
How to safeguard yourself against such attacks
Cert-In also shared a bunch of guidelines that will prevent internet users from falling prey to such schemes. Check them out here:
— Do no browse untrusted websites or click on untrusted links.
— Check the sender details carefully before clicking on a link in a message or an email.
— Only click on URLs that clearly indicate the website domain.
— Never give away your login details or credit card details on email or SMS.
— Use strong passwords.
— Don’t use same passwords on multiple platforms.
— Download apps only from known app stores.
— Do not share your OTP with anyone.
The post Chinese websites may steal user data via fake gifting offers: Cert-In appeared first on BGR India.
<img src="" title="Chinese websites may steal user data via fake gifting offers: Cert-In" />
Festive season is here. Amid the festive cheer tech companies are offering major discounts to buyers across platforms as a part of various festive sale offers. Scammers, on the other hand, are using this as an opportunity for stealing critical user data by duping them in lieu of offering free gifting offers.
India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team) has issued an advisory, wherein the organisation has warned users against falling in prey to scams offering free gifts and offers.
Cert-In said that there have been several reported cases wherein adwares are targeting prominient brands and tricking customers in fraudulent phishing attacks and scams. These adwares are delivered via messages on various social media and messaging platform and they offer a festive offer as a part of which users will be eligible to get gifts and prizes.
“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asking to share the links among peers over WhatsApp/Telegram/Instagram accounts,” Cert-In wrote in its advisory.
How does the attack happen?
Cert-In said that the victim receives a message that contains a link to a phishing website that is quite similar to websites of popular brands. “The customer will be lured with a false claim of a special festive offer on answering a questionnaire through which one can win money and prizes.
The attackers then lure the unsuspecting victims into giving up their sensitive information such as their personal details, bank account details, passwords, OTPs, which they use for adware and other ‘adversarial purposes’.
The government body said that these fake and fraudulent websites were mostly of Chinese origin. “The website links involved are mostly Chinese [.cn] domains, and other extensions such as .top, .xyz. These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds,” the advisory added.
How to safeguard yourself against such attacks
Cert-In also shared a bunch of guidelines that will prevent internet users from falling prey to such schemes. Check them out here:
— Do no browse untrusted websites or click on untrusted links.
— Check the sender details carefully before clicking on a link in a message or an email.
— Only click on URLs that clearly indicate the website domain.
— Never give away your login details or credit card details on email or SMS.
— Use strong passwords.
— Don’t use same passwords on multiple platforms.
— Download apps only from known app stores.
— Do not share your OTP with anyone.
The post Chinese websites may steal user data via fake gifting offers: Cert-In appeared first on BGR India.
<img src="” title=”Chinese websites may steal user data via fake gifting offers: Cert-In” />
Festive season is here. Amid the festive cheer tech companies are offering major discounts to buyers across platforms as a part of various festive sale offers. Scammers, on the other hand, are using this as an opportunity for stealing critical user data by duping them in lieu of offering free gifting offers.
India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team) has issued an advisory, wherein the organisation has warned users against falling in prey to scams offering free gifts and offers.
Cert-In said that there have been several reported cases wherein adwares are targeting prominient brands and tricking customers in fraudulent phishing attacks and scams. These adwares are delivered via messages on various social media and messaging platform and they offer a festive offer as a part of which users will be eligible to get gifts and prizes.
“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asking to share the links among peers over WhatsApp/Telegram/Instagram accounts,” Cert-In wrote in its advisory.
How does the attack happen?
Cert-In said that the victim receives a message that contains a link to a phishing website that is quite similar to websites of popular brands. “The customer will be lured with a false claim of a special festive offer on answering a questionnaire through which one can win money and prizes.
The attackers then lure the unsuspecting victims into giving up their sensitive information such as their personal details, bank account details, passwords, OTPs, which they use for adware and other ‘adversarial purposes’.
The government body said that these fake and fraudulent websites were mostly of Chinese origin. “The website links involved are mostly Chinese [.cn] domains, and other extensions such as .top, .xyz. These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds,” the advisory added.
How to safeguard yourself against such attacks
Cert-In also shared a bunch of guidelines that will prevent internet users from falling prey to such schemes. Check them out here:
— Do no browse untrusted websites or click on untrusted links.
— Check the sender details carefully before clicking on a link in a message or an email.
— Only click on URLs that clearly indicate the website domain.
— Never give away your login details or credit card details on email or SMS.
— Use strong passwords.
— Don’t use same passwords on multiple platforms.
— Download apps only from known app stores.
— Do not share your OTP with anyone.
The post Chinese websites may steal user data via fake gifting offers: Cert-In appeared first on BGR India.
