The researchers have highlighted a few steps to ensure safety from these cyber threats during Diwali. (Representational Image: Reuters)
The Diwali festivities have attracted a swarm of cybercriminals using various scams and fraudulent activities to prey on unsuspecting celebrants
As Diwali, the festival of lights, illuminates spirits, CloudSEK’s threat research team sounds the alarm on an upsurge in cyber threats aiming to exploit the festive mood. The festivities have attracted a swarm of cybercriminals using various scams and fraudulent activities to prey on unsuspecting celebrants.
1. Phishing Phonies
Amid the joyous e-commerce rush, phishing campaigns are on the rise, targeting recharge and shopping sectors. CloudSEK spotted 828 unique domains in the Facebook Ads Library, mimicking renowned brands.
Fake domains crafted through typosquatting techniques aimed to appear legitimate, tricking less tech-savvy users. For instance, shoop.xyz mimicked shop.com with nearly identical features and content. Notably, these deceptive sites often had admin panels. Following CloudSEK’s report and action, the pages were removed due to brand abuse.
2. Betting Bonanza
A domain, featuring ‘Diwali’ and ‘Pooja’ keywords, traced back to a Hong Kong-based server by Megalayer Technologies. This site redirected to Chinese betting pages, including Bet 365 and MGM.
Rishika Desai, lead cyber intelligence, CloudSEK, highlighted the exploitation of Diwali’s increased internet traffic by cybercriminals, who create fake gambling platforms. These deceptive sites entice users with freebies or rewards, leading them to create accounts and subsequently incur significant financial losses.
3. Crypto Conundrum
Malicious individuals on Facebook and similar platforms deceive users, urging them to sign up on unreliable cryptocurrency websites. For instance, Bot Bro tempts users with promises of free life insurance and 5 TLC coins, leading them to dubious crypto platforms.
Rishika warned against such schemes, stressing that a quick web search indicates the unreliability of domains like Bot Bro for financial transactions. She cautioned against multiple instances of exploiting Diwali freebies to drive registrations to questionable crypto platforms.
4. Malware Menace
As per the report, on October 3, an e-commerce website selling jewellery was discovered to be urging customers to download an application loaded with Android Trojan malware. The keyword ‘Diwali’ was included in the domain name of this website.
The researchers have highlighted a few steps to ensure safety from these threats during Diwali. They advised users to avoid opening suspicious emails or messages and refrain from clicking on links or attachments from unknown senders. They suggested that users should avoid clicking on links from unknown sources on social media. It was also advised to purchase gift cards from trustworthy sources.
Additionally, researchers noted that online users need to be cautious of job ads promising high salaries for minimal work since such offers often indicate scams. Report suspicious posts to the platform for further investigation.