CERT-In warns users to be wary of fake messages

CERT-In or Computer Emergency Response Team, the country’s top cyber security agency has warned against Chinese websites that are luring customers with free festive gifts and offers through fake messages. Such messages contain links that eventually lead them to phishing Chinese websites that appear similar to the websites of popular brands and ask users to share sensitive data like OTPs and bank account details.

It has been reported that adwares are targeting prominent brands and tricking its customers in fraudulent phishing/ fraudulent scams, CERT-In said in an advisory.

These fake messages are being circulated online via WhatsApp, Telegram, Instagram and other social networking platforms and they lure users with lucrative festive offers. These messages are mostly targeting women and ask them to share the links among peers via Telegram, WhatsApp and other social media channels.

“The victim receives a threat message containing a link to a phishing website similar to the website of popular brands. The customer will be lured with a false claim of a festive offer on answering a questionnaire through which one can win money and prizes. The attackers entice the users to give sensitive information like personal details, bank account details, passwords, OTPs and use it for adware, and other adversarial purposes,” the Cert-In advisory added.

The websites that are circulating these phishing links mostly involve Chinese domains (.cn) and other extensions such as .top, .xyz.

“These attacks can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds,” the advisory further noted.

To avoid falling prey to such scams, users can need to make sure that they do not click on suspicious links that lead to websites that are not trustworthy. In case, the link looks like it will lead to a legit website, Cert-In advises double-checking before proceeding to ensure it is not a variation of some form. In case the user has doubts, they must look for the website on Google to find out their authenticity. ABP Live