There is a significant likelihood that any social media links you have received that lead to websites that offer free Diwali gifts are actually trying to steal your personal information. A warning from the Indian Computer Emergency Response Team (CERT-In) claims that users are being targeted with links that take them to Chinese websites where sensitive data, including banking information, can be stolen.
“Fake messages purporting to be from social media networks (WhatsApp, Instagram, Telegram, etc.) are circulating and tricking people into clicking on gift links and winning rewards. According to the CERT-In advice, the threat actor campaign primarily targets women and invites them to share the link with their peers on WhatsApp, Telegram, and Instagram accounts.
The majority of these websites, according to the national cybersecurity agency, use Chinese.cn domain extensions, while some use extensions like.xyz and.top.
The user first gets a mail with this URL in it. It might come from other victims who were asked to tell their friends and relatives about the link. The user initially receives a fake “Congratulations” message after clicking the link. They are then required to complete a questionnaire with specific information.
After completing the questionnaire, the victim is required to choose a “present” from a variety of options. Later, the user receives a second fake congrats message instructing them to forward the message to their contacts and groups on WhatsApp or other social media sites in order to win the prize.
Making sure you don’t click on any links to websites you don’t trust is the first step in avoiding such scams. Verify a link to be sure it is not a variation of another, even if it appears to lead to a trustworthy website. If you have any doubts, you can check the legitimacy of a website by searching for it on Google or another search engine.
Keep in mind that reputable companies will not request your login information, credit card information, or other credentials through surveys. Additionally, be sure to keep your personal information secret and avoid sharing it with websites that are not trustworthy.
Set transfer restrictions for UPI and other transactions through your bank since such attacks frequently include fake financial activities to minimise any risk you may have.
