Diwali season in India is a time for celebrating, gifting, and extending good wishes. Taking advantage of this festive season, some frauds have come up with a unique way to dupe innocent people using fake Diwali offers and messages. GOI’s cybersecurity team has issued an advisory that warns the people against a few viral Diwali wishes messages targeting users to steal their personal and banking details.
Indian Computer Emergency Response Team (CERT-In) has revealed that these fake messages have a direct connection with a few Chinese websites as some links use .cn domain extensions while others use extensions like .xyz and .top.
Most of you must have received a host of those viral messages with links that can steal your information if you click on them. Some of these messages also look like they are designed by Tanishq, a leading jewelry brand in India.
The government’s team says in the advisory, “Fake messages are in circulation on various social media platforms like Whatsapp, Instagram, Telegram and more, that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asks to share the link among peers on WhatsApp/Telegram/Instagram accounts.”
How does this Diwali Wish Message Scam work?
Firstly a Diwali wish message that contains a malicious link is received by a victim. After clicking on the link, the victim is greeted with a fake website that imitates a popular brand. The user is greeted by a false “Congratulations” message. The victim is then enticed to fill in some personal details and grant access to their contacts, messages, and call records in order to get a special gift.
When the website receives the information, it asks the victim to share the message with a certain number of friends or groups and their social media platforms to claim this special Diwali gift.
How can one stay safe from such scams?
To make sure that you are not trapped in such scams, never share your banking details with anyone, especially online without receiving the link from an unverified source. Before opening any website. you should read the URL carefully and keep an eye out for suspicious extensions. Even if a link looks like it will take you to a legitimate website, double-check to make sure it is not a variation of some form.
Remember that legitimate organizations will not ask for your login details, credit card number, or other credentials through questionnaires. Also set transfer limits for UPI and other transactions through your bank so that you reduce any exposure you could have.
