<p>With Deepavali coming, the Indian Computer Emergency Response Team (CERT-In), the country's nodal agency for cybersecurity, has cautioned the public about spam mail and messages advertising festive offers. Such offers ultimately result in the stealing of users' passwords, data or bank account details, the agency said.</p>
<p>"It has been reported that Adwares are targeting prominent brands and tricking its customers in fraudulent phishing/fraudulent scams. Fake messages are in circulation on various Social media platforms (WhatsApp, Telegram, Instagram, etc) that falsely claim a festive offer luring users into gift links and prizes. The threat actor campaign is mostly targeting women and asking to share the links among peers over WhatsApp/Telegram/Instagram accounts," CERT-In said in an advisory.</p>
<p>The victim receives a message containing a link to a phishing website that resembles the website of a popular brand. The customer is lured with a false claim of a special festive offer: answer a questionnaire and win money and prizes. The attackers entice users into giving up sensitive information such as personal details, bank account details, passwords and OTPs, or use it for adware and other adversarial purposes, the advisory said.</p>
<p>The website links involved mostly use Chinese (.cn) domains, along with other extensions such as .top and .xyz. These attack campaigns can effectively jeopardize the privacy and security of sensitive customer data and result in financial fraud, said the advisory.</p>
<p>CERT-In asked the public not to browse untrusted websites or click on untrusted links, and to exercise caution before clicking on links provided in unsolicited emails and SMSs.</p>
<p>"Exercise due care before clicking on the link provided in the message. Only click on URLs that clearly indicate the website domain. When in doubt, users can search for the organisation's website directly using search engines to ensure that the websites they visited are legitimate," the advisory said.</p>
<p>"Legitimate organizations will never ask for login credentials or credit card information by email or SMS. If you receive such a request, you are almost certainly dealing with a threat actor," the advisory said.</p>