Date: 2022-10-19

Festive season is here. Amid the festive cheer, tech companies are offering major discounts to buyers across platforms as part of various festive sale offers. Scammers, on the other hand, are using this as an opportunity to steal critical user data by duping users with offers of free gifts.

India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team), has issued an advisory in which the organisation warns users against falling prey to scams offering free gifts and offers.

Cert-In said that there have been several reported cases in which adware targets prominent brands and tricks customers through fraudulent phishing attacks and scams. The adware is delivered via messages on various social media and messaging platforms, and the messages promise a festive offer under which users will be eligible for gifts and prizes.

“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asking to share the links among peers over WhatsApp/Telegram/Instagram accounts,” Cert-In wrote in its advisory.

How does the attack happen?

Cert-In said that the victim receives a message that contains a link to a phishing website that is quite similar to websites of popular brands. “The customer will be lured with a false claim of a special festive offer on answering a questionnaire through which one can win money and prizes.”

The attackers then lure the unsuspecting victims into giving up their sensitive information such as their personal details, bank account details, passwords, OTPs, which they use for adware and other ‘adversarial purposes’.

The government body said that these fake and fraudulent websites were mostly of Chinese origin. “The website links involved are mostly Chinese [.cn] domains, and other extensions such as .top, .xyz. These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds,” the advisory added.

How to safeguard yourself against such attacks

Cert-In also shared a bunch of guidelines that will prevent internet users from falling prey to such schemes. Check them out here:

— Do not browse untrusted websites or click on untrusted links.

— Check the sender details carefully before clicking on a link in a message or an email.

— Only click on URLs that clearly indicate the website domain.

— Never give away your login details or credit card details on email or SMS.

— Use strong passwords.

— Don’t use the same passwords on multiple platforms.

— Download apps only from known app stores.

— Do not share your OTP with anyone.
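
The domain details in the advisory (.cn, .top and .xyz links imitating popular brands) and the guideline about URLs that clearly indicate the website domain can be turned into a simple link check. The following is an added example, not code from Cert-In or from this article; the brand `examplemart`, its domain `examplemart.in` and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs the advisory names as common in this campaign.
ADVISORY_TLDS = {"cn", "top", "xyz"}
# Constructed allowlist (hypothetical brand): keyword -> the brand's real domain.
BRAND_DOMAINS = {"examplemart": "examplemart.in"}
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s<>\"']+", re.IGNORECASE)

def extract_links(message):
    """Find links in a message, undoing common defanging ([.] and hxxp)."""
    text = message.replace("[.]", ".").replace("(.)", ".")
    return [re.sub(r"^hxxp", "http", raw, flags=re.IGNORECASE).rstrip(".,)!")
            for raw in URL_RE.findall(text)]

def check_link(url):
    """Return the reasons a link deserves suspicion (empty list: none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ["no hostname"]
    reasons = []
    if "@" in parts.netloc:
        reasons.append("text before '@' is not the real host")
    tld = host.rsplit(".", 1)[-1]
    if tld in ADVISORY_TLDS:
        reasons.append(f"TLD .{tld} is named in the advisory")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, possible lookalike characters")
    for brand, real in BRAND_DOMAINS.items():
        if brand in host and host != real and not host.endswith("." + real):
            reasons.append(f"mentions '{brand}' but is not {real}")
    return reasons

def triage(message):
    """Map each link in the message to its list of reasons."""
    return {link: check_link(link) for link in extract_links(message)}

# Constructed sample messages (not taken from the advisory).
SAMPLES = [
    "Festive offer! Answer 4 questions and win: http://examplemart-gifts.top/q?id=1",
    "Your order has shipped: https://www.examplemart.in/orders/123",
    "Claim prize https://examplemart.in@prizes.example[.]xyz/win now",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for link, reasons in triage(msg).items():
            print(link, "->", reasons or "no flags")
```

A link with no flags is not thereby safe; the check only covers the traits the advisory describes, and a TLD match alone is a reason to look closer rather than proof of fraud.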