CERT-In warns users to be wary of fake messages as festive season approaches
The cybersecurity watchdog said users were being targeted through fake messages that claim to contain festive offers, but this ultimately leads users to suspicious websites that can potentially steal sensitive data like bank account details, passwords and One-Time Passwords.
“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram, etc), that falsely claim a festive offer luring users into gift links and prizes,” according to the CERT-In advisory on October 18.
The threat actor mostly targets women, asking them to share the link among peers over WhatsApp/Telegram/Instagram accounts.
CERT-In said the victim receives a message with a link to a website modelled after websites of popular brands.
Many of the websites had Chinese (.cn) domains or other extensions like .top and .xyz.
Discover the stories of your interest
On the website, the user is asked to fill up a questionnaire with the false claim of securing a chance to win money and prizes.
“The attackers entice the users to give sensitive information like personal details, bank account details, passwords, OTPs or use it for adware and other adversarial purposes,” CERT-In said.
After that, the website claims that a user has won a prize and asks them to share the website link with others through WhatsApp.
It went on to add that the malicious link may further result in “large-scale attacks and financial frauds.”
The body urged users not to browse untrusted websites or click on un-trusted links.
“Only click on URLS that clearly indicate the website domain. When in doubt, users can search for the organisation’s website directly using search engines to ensure that the websites they visited are legitimate,” the agency said.
It said that legitimate organisations would never ask for login credentials or credit card information by email or SMS.
“Keep personal information private. Threat actors can use social media profiles to gather information and make targeted attack against you,” the advisory read.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.