Here’s how to stay safe from Chinese scammers releasing malicious Diwali-themed campaigns targeting Indians

• Chinese scammers found a new way to hack into your personal information.
• Scammers are using a new type of adware targeting prominent brands and tricking their customers into fraudulent and phishing scams.
• Here’s how you can stay safe.

If you have received social media links to websites that offer or promise free Diwali gifts, then that website is most likely trying to steal your personal information such as bank account details, contact number, address, Aaadhar card number, and more.

According to Cert-in, Indian Computer Emergency Response Team, recent advisory, a new type of adware are targeting prominent brand and tricking its customers into fraudulent and phishing scams.

Fake messages are been circulating on various social media platforms like Instagram, WhatsApp, Facebook, Telegram, and SMS. These messages falsely claim a festive offer luring users into gift links and prizes. This new type of scam mostly targets women and asks to share the link among peers on Telegram/ WhatsApp/ Instagram accounts, said the CERT-In in the advisory.

The national cybersecurity agency also said that most of these websites use Chinese (.cn) domains, including (.xyz, .top) extensions.
How does this scam work?
The victim receives a message containing a link to a scam website similar to the websites of popular brands. Also, the link could come from other victims who have been asked to share the link with their friends and family.

Once the user clicks on the link, they are greeted by a false congratulatory message. After this, users are asked to fill in details in a questionnaire to claim their free gift. In the questionnaire, the attacker entices the user to give sensitive information like personal details like bank details, passwords, and OTPs.

After a victim fills in the questionnaire, they are asked to select a gift from a set of items. Once a user does that, they are greeted by another false congratulations message.
Compromised websites
hXXp://balancesynthesize[.]cn/
XXp://deadlineconserve[.]cn/
hXXp://noticeablerefute[.]cn/
hXXps://8yue22[.]cn/
hxXps://talentIlL.]top/
How to avoid this scam

• To avoid such scams, do not browse through un-trusted websites or click on un-trusted links and be cautious while clicking on links by any unsolicited emails and SMSs.
• Only click on links or URLs that indicate a clear website domain. When in doubt, you can search for the organization’s website directly to ensure that websites are legitimate or not.
• Always remember, legitimate websites will never ask for your bank login information or bank card information by email or SMS. If you receive such a request, you are mostly dealing with threats.
• Keep your personal information safe, attackers can use social media profiles to gather information and make targeted attacks against you.
• Make sure your passwords are strong, and personal information such as credit card numbers and bank login details are not shared with anyone.
• Download apps only from Google Play Store and Apple’s App Store.
• Set transaction limits for cards, UPI accounts, and other financial transactions to reduce funds’ exposure.
• Don’t click on pop-up ads.
• Last but not least, never share an OTP with anyone.

SEE ALSO:
Soon you might be able to touch and feel the online products through your smartphone
With 303 vulnerabilities, Google Chrome is the riskiest browser of 2022: Atlas VPN