Scammers use festive cheer to push fake deals, always verify before you buy or donate! 

Typical sources of these cybersecurity frauds are websites, messages on social media, and SMS text messages

Major festivals like Diwali, Dussehra, or Christmas are enormous business opportunities & exploited by cybercriminals. These fraudsters thrive on robbing shoppers by luring or diverting them to fake or imitated websites or WhatsApp messages with incredible offers that you cannot refuse. The scamsters create fake domains for such online shopping frauds. For instance, shop.com is impersonated to shoop.xyz with the same layout, look, feel, and content as the original website. This is a typical example of latest cyber frauds in India.

Another technique used by cybercriminals is to dupe people by sending special ‘Diwali’ gifts via WhatsApp messages, SMS, or email. All these messages have a link to download the “special gift”. Unsuspecting users inadvertently end up opening the link. Fraudsters make use of short URLs by fraudsters which allows them to hide the original links, a common tactic in online scams in cyber security.

Methodology

• • A malicious link is sent to a victim. After clicking on the link, a form opens & the user is asked to fill personal details and grant access to their contacts, messages, and call records to get a special gift.

• • It asks the victim to share the message with a certain number of friends or groups and their social media platforms to claim this special Diwali gift, which is one of the latest cyber fraud techniques during the cybersecurity festival season.

Precautions

As the proverb goes “There is no free lunch!”. Remember that if it sounds too good to be true, there might be a hidden agenda behind it. Be cautious while clicking on any link or opening any URL/website/email etc., as the “free” tag may be a bait set by the bad actors for unsuspecting users in a cyber security fraud.