Fake vouchers of popular brands are being shared on WhatsApp where users are redirected to websites seeking personal information, which is later used to dupe them in phishing scams. The police said at least three such cases have been registered over the past year, where people were allegedly duped on the pretext of free goodies from popular brands.
A similar case was registered in the first week of June, where a forwarded message claimed to offer free goodies in the name of supermarket chain D-Mart. The message read, “D-Mart is giving FREE INR2500 shopping voucher to celebrate its 17th anniversary. Click here to get yours (link). Enjoy”, said the police. “Upon clicking the link, personal details are sought. The post was shared widely on WhatsApp. If observed closely, in the website address, the alphabet ‘i’ is replaced by a similar looking alphabet,” an officer said.
After crowds thronged several D-Mart outlets, an FIR was registered at Powai police station on June 19 under sections of the Information Technology (IT) Act. An officer linked to the probe said, “We have found that the link originated from servers in Canada. Many people filled in their details on the link. Investigation is on.”
In May this year, another message that was widely shared on WhatsApp in the name of Jet Airways. The message read, “Jetairways Airline is giving 2 Free Tickets to everyone. To celebrate their 25th anniversary. Click here to get yours (link).” Jet Airways later tweeted that the message was fake.
In February, a WhatsApp message claimed that Adidas was giving free footwear. “Adidas is giving away 3000 Free Pair of shoes to celebrate its 93rd anniversary. Get your free shoes at (link),” read the message. Once clicked, people were directed to page where personal details were sough. Later, Adidas denied having made that offer.
Maharashtra Inspector General (cyber crime) Brijesh Singh said, “Normally, the accused use this modus operandi for something called ‘credential harvesting’. They basically try to get a detailed profile of people on their database, which is then used to target the people… stay away from such links.”
A cyber police officer said the accused also indulge in ‘website spoofing’. It means that you create a website that looks quite similar to the website of the company that ensures people don’t get suspicious. “There is a small change in the web address of the links, which a normal person will not notice,” the officer added.
Cyber expert Vicky Shah said, “On most occasions, fraudsters either do this to collect data for an attack that can be carried later on. At times, however, these websites ask people to pay 10 per cent of the total amount, which they flee with. This is an international trend and there have been other major brands whose names have been used by the fraudsters.”