Chinese websites may steal users’ data via fake gift offers

New Delhi: Amid the festive season in the country, the government cyber agency warned that free gift offers can be a trick by Chinese websites to steal users’ confidential information.

In an advisory, CERT-In, under the IT Ministry, cautioned users against adwares targeting prominent brands and tricking customers in fraudulent phishing and scams.

“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram, etc.) that falsely claim a festive offer luring users into gift links and prizes,” it said.

“The threat actor campaign is mostly targeting women and asking to share the links among peers over WhatsApp/Telegram/Instagram accounts,” it added.

The victim receives a message containing a link to a phishing website similar to the websites of popular brands, and are lured with a false claim of a special festive offer of prizes or money on answering a questionnaire. The attackers then entice the users to give sensitive information like personal details, bank account details, passwords, OTPs, or use it for adware, and other adversarial purposes. The website links involved are mostly Chinese (.cn) domains and other extensions such as .top, .xyz.

These attack campaigns can effectively jeopardise the privacy and security of sensitive customer data and result in financial frauds, the advisory noted.

(IANS)