CERT-In warns users to be wary of fake messages as festive season approaches

The Indian Computer Emergency Response Team (CERT-In), the country’s nodal cybersecurity agency, has asked users to remain cautious as the festive season kicks in.

The cybersecurity watchdog said users were being targeted through fake messages that claim to contain festive offers, but this ultimately leads users to suspicious websites that can potentially steal sensitive data like bank account details, passwords and One-Time Passwords.

“Fake messages are in circulation on various social media platforms (WhatsApp, Telegram, Instagram, etc), that falsely claim a festive offer luring users into gift links and prizes,” according to the CERT-In advisory on October 18.

The threat actor mostly targets women, asking them to share the link among peers over WhatsApp/Telegram/Instagram accounts.

CERT-In said the victim receives a message with a link to a website modelled after websites of popular brands.

Many of the websites had Chinese (.cn) domains or other extensions like .top and .xyz.

Discover the stories of your interest



On the website, the user is asked to fill up a questionnaire with the false claim of securing a chance to win money and prizes.

“The attackers entice the users to give sensitive information like personal details, bank account details, passwords, OTPs or use it for adware and other adversarial purposes,” CERT-In said.

After that, the website claims that a user has won a prize and asks them to share the website link with others through WhatsApp.

It went on to add that the malicious link may further result in “large-scale attacks and financial frauds.”

The body urged users not to browse untrusted websites or click on un-trusted links.

“Only click on URLS that clearly indicate the website domain. When in doubt, users can search for the organisation’s website directly using search engines to ensure that the websites they visited are legitimate,” the agency said.

It said that legitimate organisations would never ask for login credentials or credit card information by email or SMS.

“Keep personal information private. Threat actors can use social media profiles to gather information and make targeted attack against you,” the advisory read.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.

For all the latest Technology News Click Here 

Read original article here

Denial of responsibility! TechAI is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.