Fraud Alert: Beware of Diwali Free Gift Messages as Links Can Rob You
Yogesh Sapkale | 22 October 2022
Whenever there is an event or celebration, we go all out to enjoy it. The 'we', in this case, includes fraudsters who cash in on the buying spree by setting traps through bulk messages with dubious links, offering discounts and deals while masquerading as top brands. Many people open the link, only to realise later that they have lost money from their bank accounts. A 'free gift' from Amazon or Tanishq is the latest gimmick used by criminals to lure potential victims. And it is working – scores of people are being fooled and looted every day. 
 
According to the Indian Computer Emergency Response Team (CERT-In), fake messages on social media platforms such as WhatsApp, Telegram, and Instagram make false claims about festive offers, luring and encouraging people to click links and win prizes. 
 
"The website links involved are mostly Chinese [.cn] domains or extensions such as .top, .xyz. These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds," it says.
 
A crucial issue in these frauds is how the recipient reads and understands the text in the link. While reading links or URLs, we need to read the domain name from right to left. However, since most of us are trained to read from left to right, we just read the first name in the link and believe it must be from a genuine entity. 
 
For example, a link like 'amazon.iamfraud.com' would cause many people to believe that it is from Amazon. It is not. This is actually a sub-domain of 'iamfraud.com'. People fail to understand this and end up becoming victims of link fraud. 
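The right-to-left reading described above, as an added example that is not part of the original article. The function names, the short suffix list (a stand-in for the full Public Suffix List) and the table of official brand domains are assumptions made for illustration; the TLD set comes from the CERT-In quote above.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this demo.
MULTI_LABEL_SUFFIXES = {"co.in", "co.uk", "com.cn", "net.in", "org.in"}
# TLDs that the CERT-In advisory quoted above says most lure links use.
ADVISORY_TLDS = {"cn", "top", "xyz"}
# Assumption: the brands to watch and the domains they really own.
OFFICIAL = {"amazon": {"amazon.in", "amazon.com"}, "tanishq": {"tanishq.co.in"}}


def refang(url: str) -> str:
    """Undo the defanging used in advisories (hXXp, [.])."""
    url = url.strip().replace("[.]", ".")
    if url[:4].lower() == "hxxp":
        url = "http" + url[4:]
    return url if "://" in url else "http://" + url


def registrable_domain(url: str) -> str:
    """Read the host right to left: public suffix plus one more label."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:])


def assess(url: str) -> list:
    """Return the reasons, if any, to distrust this link."""
    host = (urlsplit(refang(url)).hostname or "").lower()
    domain = registrable_domain(url)
    reasons = []
    for brand, owned in OFFICIAL.items():
        # A brand name anywhere in the host means nothing unless the
        # registrable domain is one the brand actually owns.
        if brand in host and domain not in owned:
            reasons.append(f"'{brand}' appears in the host but the site is {domain}")
    if domain.rsplit(".", 1)[-1] in ADVISORY_TLDS:
        reasons.append(f"TLD of {domain} is one named in the advisory")
    return reasons


if __name__ == "__main__":
    # Constructed sample links; the first is the article's own example.
    for link in ["http://amazon.iamfraud.com/gift", "https://www.amazon.in/deals",
                 "hXXp://tanishq-diwali[.]example[.]xyz/"]:
        print(link, "->", registrable_domain(link), assess(link) or "no flags")
```
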
 
 
Fraudsters also use short URLs in their messages. In such cases, the strict rule is never to open any short links. In the rarest case, if you want to open the link out of curiosity, visit wheregoes.com or checkshorturl.com. Both websites offer a free tool that tracks the URL to its destination.
 
Here is how I tracked a link that was forwarded on WhatsApp in the name of the 'Amazon Oktoberfest 2022 Giveaway' with this short URL https://tinyurl4.ru/e674835394/. However, the trace returned with an 'Error: Status Code 403' or 'Page Not Found' message. It means the page was removed by the fraudsters, possibly after achieving their target. Almost all cybercriminals frequently change (read improve) their basic tool, the short URL. This explains why it is quite difficult for police to track and take action against these fraudsters.
 
Here are some URLs shared by CERT-In, as indicators of compromise (IoC), that are being used to cheat people in the name of free gifts.
 
 
However, the frauds through links in messages are not limited to just shopping festivals or free gifts. A few months ago, many received SMS messages about pending electricity bills. This, of course, was a fraud. While police have arrested some criminals behind these frauds, several are still out in the open, waiting for their next target to get trapped.
 
Recently, a friend received a message about the renewal of his internet connection just while he was leaving his office in the evening. While travelling, he opened the link given in the message and paid the necessary amount to renew his package. However, when he reached home, he was shocked to see nearly Rs2 lakh transferred from his account in three different transactions he had never initiated. Obviously, he clicked on the wrong link and inadvertently ended up sharing his bank details. 
 
Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone numbers. Genuine SMS messages from banks or service-providers usually contain a sender ID (consisting of their short name) instead of the phone number as the sender. 
 
In most cases, when you click on the link, malware gets installed on your mobile device (Android), which then gives the criminal gangs access to all information on your device. In a few cases, a screen-sharing app may also be installed on the victim's device. Once the fraudsters have access to your device, they can easily use the information to rob you. 
 
How Not To Become a Victim
 
Do NOT respond to an unknown caller's request to visit any portal or to open any link sent to you in a message (SMS/email). 
 
Do NOT click on any link, especially the short URL, shared by anyone. 
 
Do NOT download any app, other than from the authorised app stores (Google Play store).
 
Use a good quality anti-virus (several free apps provide good protection) for protection from viruses, malware, ransomware and remote access.  
 
How To Report Cyberfraud?
 
Do report cyber crimes to the national cybercrime reporting portal http://cybercrime.gov.in or call the toll-free national helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).